Security

A TLS handshake over-run is not the only reason to blacklist a client. Other reasons include a series of
abandoned connections, or a series of requests ending in error, such as multiple attempts to access
non-existent URLs. These various triggers have differing minimum blacklist periods. To extend monitoring of
these additional triggers to port 80, add the following entry to the locked.properties file:
insecureHandshakeDelay = delay_in_milliseconds
For example:
insecureHandshakeDelay = 1000
To disable blacklisting of HTTP connections, remove the insecureHandshakeDelay entry or set it to 0.
User Agent Whitelisting
Set a whitelist to restrict user agents that can interact with Horizon 7. By default, all user agents are
accepted.
Note: This is not strictly a security feature. User agent detection relies on the user-agent request header
provided by the connecting client or browser, which can be spoofed. Some browsers allow the request
header to be modified by the user.
A user agent is specified by its name and a minimum version. For example:
clientWhitelist-portal.1 = Chrome-14
clientWhitelist-portal.2 = Safari-5.1
This means that only Google Chrome version 14 and later, and Safari version 5.1 and later are allowed to
connect using HTML Access. All browsers can connect to other services.
You can enter the following recognised user agent names:
- Android
- Chrome
- Edge
- IE
- Firefox
- Opera
- Safari
Note: Not all of these user agents are supported by Horizon 7. These are examples.
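As an added illustration (not VMware code), the following Python script audits the text of a locked.properties file for the two settings described above and models the "name and minimum version" rule. It assumes entries follow the clientWhitelist-<service>.<n> pattern of the portal example, that versions compare numerically part by part, and that the browser name and version have already been extracted from the request; the function names and the sample input are constructed for this example.

```python
import re

# Recognised user agent names, as listed on this page.
RECOGNISED = {"Android", "Chrome", "Edge", "IE", "Firefox", "Opera", "Safari"}
ENTRY = re.compile(r"^clientWhitelist-([\w-]+?)\.(\d+)$")  # assumed key pattern
# Constructed sample input; "Netscape" is deliberately not a recognised name.
SAMPLE = ("insecureHandshakeDelay = 1000\nclientWhitelist-portal.1 = Chrome-14\n"
          "clientWhitelist-portal.2 = Safari-5.1\nclientWhitelist-portal.3 = Netscape-4\n")

def version_tuple(text):
    """'5.1' -> (5, 1); raises ValueError on empty or non-numeric parts."""
    return tuple(int(part) for part in text.split("."))

def audit_locked_properties(text):
    """Return (delay_ms, whitelist, findings) for a locked.properties body."""
    delay_ms, whitelist, findings = 0, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key == "insecureHandshakeDelay":
            try:
                delay_ms = int(value)
            except ValueError:
                delay_ms = None  # effective behaviour unknown, report it
                findings.append(f"insecureHandshakeDelay is not a number: {value!r}")
            continue
        match = ENTRY.match(key)
        if not match:
            continue
        name, _, minimum = value.partition("-")
        try:
            entry = (name, version_tuple(minimum))
        except ValueError:
            findings.append(f"{key}: expected Name-Version, got {value!r}")
            continue
        if name not in RECOGNISED:
            findings.append(f"{key}: unrecognised user agent name {name!r}")
        whitelist.setdefault(match.group(1), []).append(entry)
    if delay_ms == 0:  # entry absent or set to 0
        findings.append("insecureHandshakeDelay absent or 0: HTTP blacklisting is off")
    return delay_ms, whitelist, findings

def is_allowed(whitelist, service, name, version):
    """A service with no whitelist entries accepts every user agent."""
    rules = whitelist.get(service)
    if not rules:
        return True
    return any(name == n and version_tuple(version) >= v for n, v in rules)
```

Because the name and version ultimately come from a client-supplied header, a passing is_allowed result says nothing about what software is actually connecting.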
View Security
VMware, Inc. 39