Configuring HTTP header validation for the Ambient Data Framework

To guard against HTTP header injection that uses the session ID and tracking ID generated by the Ambient Data Framework, you can configure header validation in the Ambient Data Framework configuration file, cd_ambient_conf.xml.

Procedure

  1. In your Web application or Server Role directory, open cd_ambient_conf.xml for editing.
  2. Inside the Security section, ensure the presence of a last subelement called HeaderValidation.
  3. Inside this subelement, ensure the presence of two subelements:
     - DigestKey: A random passphrase.
     - GracePeriodEndDate: The moment at which you want HTTP header validation of the session ID and tracking ID to start. Until that moment, visitors can visit your Web site and obtain a digest and attach it to their header. After that moment, only visitors with the correct digest are allowed access.
  4. Save and close cd_ambient_conf.xml and restart your Web application, Windows service or Java process.
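
The following added example (not part of the product documentation) generates a random passphrase for DigestKey and checks that a configuration file follows steps 2 and 3 before you restart. The root element name, the absence of an XML namespace, the sample date value and the 32-character minimum are assumptions made for illustration; only the Security, HeaderValidation, DigestKey and GracePeriodEndDate names come from this page.

```python
import secrets
import xml.etree.ElementTree as ET

# Constructed sample. Root element, sibling element and date value are assumed.
SAMPLE_TEMPLATE = """<Configuration>
  <Security>
    <OtherSetting/>
    <HeaderValidation>
      <DigestKey>{key}</DigestKey>
      <GracePeriodEndDate>2030-01-01</GracePeriodEndDate>
    </HeaderValidation>
  </Security>
</Configuration>"""

MIN_KEY_CHARS = 32  # assumed local policy, not a product requirement


def new_digest_key(nbytes=32):
    """Return a random passphrase from the OS CSPRNG (XML-safe characters only)."""
    return secrets.token_urlsafe(nbytes)


def check_header_validation(xml_text):
    """Return a list of problems; an empty list means steps 2 and 3 are satisfied."""
    root = ET.fromstring(xml_text)
    security = root if root.tag == "Security" else root.find(".//Security")
    if security is None:
        return ["no Security section"]
    children = list(security)  # XML comments are not included by the parser
    if not children or children[-1].tag != "HeaderValidation":
        return ["HeaderValidation is not the last subelement of Security"]
    hv = children[-1]
    problems = []
    key = (hv.findtext("DigestKey") or "").strip()
    if not key:
        problems.append("DigestKey missing or empty")
    elif len(key) < MIN_KEY_CHARS:
        problems.append("DigestKey shorter than %d characters" % MIN_KEY_CHARS)
    # The date format is not stated on this page, so only presence is checked.
    if not (hv.findtext("GracePeriodEndDate") or "").strip():
        problems.append("GracePeriodEndDate missing or empty")
    return problems


if __name__ == "__main__":
    print(check_header_validation(SAMPLE_TEMPLATE.format(key=new_digest_key())))
```

To check a real file, pass its contents to check_header_validation, for example open("cd_ambient_conf.xml").read().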