Applies To:Show Versions
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Adding AJAX Blocking Response Behavior to a Security Policy
Overview: Adding AJAX blocking and login response behavior
- Microsoft® ASP.NET
By default, if you enable AJAX blocking behavior, when an AJAX request results in a violation that is set to Block, Application Security Manager performs the default AJAX response page action. The system presents a login response if the application user sends an AJAX request that attempts to directly access a URL that should only be accessed after logging in.
Configuring the blocking response for AJAX applications
- On the Main tab, click .
- In the Current edited policy list near the top of the screen, verify that the edited security policy is the one you want to work on.
- Click the AJAX Response Page tab.
injection) check box.
The system displays the default blocking response and login response actions for AJAX.
For the Default Response Page action setting, select the
type of response you want the application user to receive when they are blocked
from the application:
- Custom Response lets you specify HTML text or upload a file to use as a replacement for the frame or browser page that generated the AJAX request. Include the text, then click Show to preview the response.
- Popup message displays text in a popup window (default text is included).
- Redirect URL redirects the user to the URL you specify. You can also include the support ID. For example: http://www.example.com/blocking_page.php?support_id=<%TS.request.ID()%>.
- For the Login Page Response action, select the type of response (types are the same as for default response page in Step 5).
- Click Save.
- To put the security policy changes into effect immediately, click Apply Policy.