Troubleshooting guide
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Other System Settings
Step 2 Click the Edit icon next to the system.security.webApplicationFilter entry.
The Modifying Config Property window appears.
Step 3 Choose true from the Value drop-down list to enable this feature.
A confirmation message appears to advise Central Manager and Device Manager users to log out and
then back in after enabling this feature.
Step 4 Click OK and then Submit.
Step 5 Log out and then back in again.
Security Verification
The Web Application Filter feature verifies security using two methods: input validation and
sanitization. Input validation checks all input data before it is accepted. Sanitization prevents
malicious configuration and scripts already present in the data from being executed.
This section contains the following topics:
• Input Validation
• Sanitization
Input Validation
Input validation scans all data that is input to the Central/Device Manager database and can be
configured only by the admin user.
Any input submitted using the Central Manager GUI that is suspected of containing XSS is blocked.
Blocked input results in a warning.
Input data is checked against the following XSS filter rules:
• Input is rejected if it contains a semicolon (;)
• Input is rejected if it is enclosed in angle brackets (<>)
• Input is rejected if it can be indirectly used to generate the above tags (<, >, %3c, %3e)
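The three rules above, written out as a small validator. This is an added example, not Cisco's implementation: the function names, the rule labels, and the repeated percent-decoding step (which goes beyond the listed %3c/%3e forms to cover nested encodings) are assumptions of this sketch.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumption of this example: bound on nested encoding


def canonicalize(value):
    """Percent-decode until the value stops changing, so that %3c and
    %253c are both examined as '<'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("percent-encoding nested too deeply")


def xss_rule_violations(value):
    """Return the names of the filter rules that the input trips."""
    try:
        canon = canonicalize(value)
    except ValueError:
        return ["encoding-depth"]  # refuse the input rather than guess
    violations = []
    if ";" in canon:                    # rule 1: contains a semicolon
        violations.append("semicolon")
    if re.search(r"<[^<>]*>", value):   # rule 2: literal <...> pair
        violations.append("angle-bracket-enclosed")
    if "<" in canon or ">" in canon:    # rule 3: <, >, %3c, %3e
        violations.append("bracket-character")
    return violations


# Constructed sample inputs, not taken from the guide.
SAMPLES = [
    "WAE-branch-01",    # ordinary device name: accepted
    "eng; ops",         # harmless text, still rejected by rule 1
    "<b>site</b>",      # literal tag
    "%3Cb%3E",          # percent-encoded brackets
    "&lt;b&gt;",        # HTML entities end in ';' and trip rule 1
]

if __name__ == "__main__":
    for sample in SAMPLES:
        hits = xss_rule_violations(sample)
        print(f"{sample!r:18} -> {'REJECT ' + ', '.join(hits) if hits else 'accept'}")
```

The semicolon rule also rejects harmless text such as "eng; ops", so names and descriptions entered in the GUI need to avoid that character once the filter is enabled.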
Sanitization
The sanitizer prevents malicious configuration and scripts from getting executed in the browser when
there is an XSS attack on the database. Sanitization is not configurable by the user.
Configuration data coming from the Central Manager that is suspected of XSS is shown in red on the
Device Groups > All Device Groups page.
Configuring Faster Detection of Offline WAAS Devices
You can detect offline WAAS devices more quickly if you enable the fast detection of offline devices. A
WAAS device is declared as offline when it has failed to contact the WAAS Central Manager for a
getUpdate (get configuration poll) request for at least two polling periods. (See the “About Faster
Detection of Offline Devices” section on page 1-22 for more information about this feature.)