Application Security Manager™ can protect AJAX applications, including those that use JSON or XML for data transfer between the client and the server. If the AJAX application uses XML for data transfer, the security policy requires that an XML profile be associated with a URL or parameter. If the AJAX application uses JSON for data transfer, the security policy requires that a JSON profile be associated with a URL or parameter. If the AJAX application uses HTTP for data transfer, no profile is needed.
You can also set up AJAX blocking response behavior for applications so that if a violation occurs during AJAX-generated traffic, the system displays a message or redirects the application user to another location.

| Option | Description |
|---|---|
| Loose | A smaller request sample; for example, useful for web sites with less traffic. |
| Middle | A medium number of requests. This is the default setting, and the one to use if you are not sure about the amount of traffic on the application web site. |
| Tight | A large request sample; for example, useful for web sites with lots of traffic. |

| Option | Description |
|---|---|
| All | Specifies that the policy trusts traffic from all IP addresses. Recommended only for internal or test environments. |
| Address List | Specifies a list of networks to consider safe. To add a network, type the IP Address and Netmask, then click Add. |

The next steps for reviewing policy building status and adding other security protections are the same as for any automatic policy building.

| Status | Description |
|---|---|
| Enabled | The system is configured to automatically build a security policy, and the Policy Builder is processing traffic. |
| Disabled | The system is not processing traffic. Check the automatic policy building configuration. |
| Detecting Language | The system is still configuring the language after analyzing responses to identify the language of the web application. The Policy Builder is enabled, but it cannot add elements to the security policy until the language is set. |

The Real Traffic Policy Builder® creates a security policy that can protect applications that use AJAX with JSON or XML for data transfer between the client and the server. The system examines the traffic and creates an appropriate profile. If the application uses XML, the security policy includes one or more XML profiles associated with URLs or parameters. If the application uses JSON, the security policy includes one or more JSON profiles associated with URLs or parameters.