To guard against HTTP header injection via the session ID and tracking ID generated by the Ambient Data Framework, you can configure header validation in the Ambient Data Framework configuration file, cd_ambient_conf.xml. Once enabled, each request must carry a digest computed from these IDs with a shared key, so an ID that has been forged or tampered with is rejected.
Procedure
- In your Web application or Server Role directory, open cd_ambient_conf.xml for editing.
- Inside the Security section, ensure the presence of a last subelement called HeaderValidation.
- Inside this subelement, ensure the presence of two subelements:
  - DigestKey: a random passphrase used to compute the digest. Keep it secret and treat it like any other credential in the configuration file.
  - GracePeriodEndDate: the moment at which you want HTTP header validation of the session ID and tracking ID to start. Until that moment, visitors can visit your Web site, obtain a digest and attach it to their headers. After that moment, only visitors who present the correct digest are allowed access.
- Save and close cd_ambient_conf.xml and restart your Web application, Windows service or Java process.
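The following is an added illustration of the check this procedure configures, not SDL's Ambient Data Framework code. The page does not specify the digest algorithm or header names, so the HMAC-SHA256 digest and the X-Session-Id, X-Tracking-Id and X-ADF-Digest header names used here are assumptions; the grace-period behaviour and the rejection of mismatched IDs follow the description above.

```python
"""Constructed model of the header validation this procedure configures.

This is an added illustration, not SDL's Ambient Data Framework code. The
page does not specify the digest algorithm or header names; here the digest
is an HMAC-SHA256 over the session ID and tracking ID keyed with DigestKey,
and the header names are assumed.
"""
import hmac
import hashlib
from datetime import datetime

SESSION_HEADER = "X-Session-Id"    # assumed name
TRACKING_HEADER = "X-Tracking-Id"  # assumed name
DIGEST_HEADER = "X-ADF-Digest"     # assumed name


def is_header_safe(value: str) -> bool:
    """Reject CR/LF so an ID can never smuggle an extra header line."""
    return "\r" not in value and "\n" not in value


def compute_digest(digest_key: str, session_id: str, tracking_id: str) -> str:
    """Digest the two IDs with the shared DigestKey passphrase."""
    msg = f"{session_id}|{tracking_id}".encode()
    return hmac.new(digest_key.encode(), msg, hashlib.sha256).hexdigest()


def validate_request(headers: dict, digest_key: str,
                     grace_period_end: str, now: str) -> bool:
    """Return True when the request may proceed.

    Dates are ISO 8601 strings, as a config value would be. Before
    GracePeriodEndDate every request is accepted (visitors are still
    collecting their digest); after it, a digest that matches the IDs
    is mandatory, so a forged or tampered ID is rejected.
    """
    session_id = headers.get(SESSION_HEADER, "")
    tracking_id = headers.get(TRACKING_HEADER, "")
    if not (is_header_safe(session_id) and is_header_safe(tracking_id)):
        return False
    if datetime.fromisoformat(now) < datetime.fromisoformat(grace_period_end):
        return True
    presented = headers.get(DIGEST_HEADER)
    if presented is None:
        return False
    expected = compute_digest(digest_key, session_id, tracking_id)
    # Constant-time comparison avoids leaking the digest via timing.
    return hmac.compare_digest(presented, expected)
```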