Global Site Settings

Global Site Settings allows administrators to secure TAC sites and protect them against user access violations from outside. Security is a major consideration for every organization, and TAC is committed to protecting your data from intruders.

Global Site Settings affect all the sites available in the TAC gateway. These settings apply to every site unless you have configured specific settings for that site. You may set unique settings for each site from Site Configuration, as explained in section 3.3; those settings take precedence and Global Site Settings are ignored for that site.

Global Site Settings can be found under the Configuration menu.

Options available under Global Site Settings:

Security

Disable web content indexing by crawler robots using prohibitive robots.txt files – Select this option to stop crawler robots on the internet from indexing web content by serving prohibitive robots.txt files.

TAC allows administrators to enable HTTP Strict Transport Security (HSTS) for TAC sites as an additional HTTP security measure. You can enable HSTS for a specific site and site name under Site Configuration. Here you can add hostnames that should ignore HSTS settings.

Send accepted certificate authorities to the client - Select this option when the client needs to be sent the accepted certificate authorities during client certificate negotiation. This allows the certificate authorities to be installed in the Trusted Root. This option can be used when the certificate-based authentication repository has been configured. See Adding Certificate Based Authentication Repository.

When publishing an application use 'Authorize All' option by default - Select this option to quickly authorize all users when publishing an application.

Logon

TAC allows administrators to set an account lockout policy for users who try to access the site with an incorrect password. TAC provides extra settings to control user access through the TAC site and to close security holes that may arise through user access.

Logon lockout threshold: Here, administrators can specify the number of consecutive failed logon attempts after which the account is locked. Default value is 4.

Logon lockout threshold for IP: This setting prevents login from an IP address that has reached the configured threshold of consecutive failed login attempts. Default value is 50.

Logon lockout reset: This setting configures the number of seconds that must elapse before the lockout threshold is reset. Default is 300 seconds.

Fallback SSL Certificate

A fallback SSL certificate may be required to provide a secure connection for clients or devices that do not support Server Name Indication (SNI). When the SNI option is enabled for a site, you may enable a fallback SSL certificate to secure such clients or devices. This certificate should cover all host names used for sites, and for applications with a custom host name within sites, that have the SNI option enabled. It is recommended to use a wildcard certificate or a SAN certificate that contains all corresponding host name entries. Read more: Configuring Fallback SSL Certificate
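The following is an added example, not part of the TAC documentation or product: a pre-deployment check that a candidate fallback certificate's SAN entries cover every host name used by SNI-enabled sites. The SAN list and host names are constructed sample values, and the function names are hypothetical.

```python
# Added example (not TAC code): verify that a fallback certificate's SAN
# entries cover every host name served by SNI-enabled sites.
# All names and values below are constructed for illustration.

def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the entire leftmost
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_hosts(san_entries, hosts):
    """Return the host names that no SAN entry covers, in input order."""
    return [h for h in hosts
            if not any(san_matches(s, h) for s in san_entries)]


# Constructed sample: SAN entries of a candidate fallback certificate
# (for a real certificate, list them with:
#  openssl x509 -in cert.pem -noout -ext subjectAltName).
FALLBACK_SANS = ["*.tac.example.com", "portal.example.com"]

# Constructed sample: host names of sites and applications with SNI enabled.
SNI_HOSTS = [
    "site1.tac.example.com",      # covered by the wildcard
    "portal.example.com",         # covered by an exact SAN entry
    "app.site1.tac.example.com",  # two labels deep: wildcard does not apply
    "tac.example.com",            # apex name: wildcard does not apply
]

if __name__ == "__main__":
    missing = uncovered_hosts(FALLBACK_SANS, SNI_HOSTS)
    for host in missing:
        print(f"NOT COVERED by fallback certificate: {host}")
    raise SystemExit(1 if missing else 0)
```

A wildcard entry covers one label only, so nested host names and the bare parent domain need their own SAN entries.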