Global Site Settings allows administrators to secure and protect TAC Sites and user access violations from outside. Security is a major fact and consideration for every organization and TAC is more ardent in protecting your data from intruders.
Global Site Settings affect all the sites available in the TAC gateway. These settings will be applied to the sites unless you have specific site settings configured for each site. You may set unique settings for each site from Site Configuration as explained in section 3.3 and that will ignore Global Site Settings.
Global Site Settings can be found under Configuration menu.
Options available under Global Site Settings:
Disable web content indexing by crawler robots using prohibitive robots.txt files – Select this option to disable web content indexing by crawler robots using prohibitive robots.txt files in the internet.
TAC allows administrator to enable HTTP Strict Transport Security (HSTS) for the TAC sites as an additional HTTP security. You can enable HTTS for specific site and site name under Site Configuration. Here you can add hostnames that should ignore HSTS settings.
Send accepted certificate authorities to the client - select this option when there is a need to send the client the accepted certificate authorities during the client certificate negotiation. This will allow for the certificate authorities to be installed in the Trusted Root. This option can be used when the certificate-based authentication repository has been configured. See Adding Certificate Based Authentication Repository
When publishing an application use 'Authorize All' option by default - Select this option to quickly authorize all users when publishing an application
TAC allows administrators to set account lockout policy if a user is trying to access the site using an incorrect password. TAC provides extra settings to control user access through TAC site to prevent and cover security holes that may arise through user access.
Logon lockout threshold: Here, administrators can specify the threshold value to lock the account after reaching the configured number of consecutive failed logon attempts. Default value is 4.
Logon lockout threshold for IP: This setting prevents login from an IP that has reached the threshold configured for the number of consecutive failed login attempts from an IP. Default value is 50.
Logon lockout reset: This setting configures the number of seconds that should elapse before lockout threshold is reset. Default is 300 seconds.
Fallback SSL Certificate
Fallback SSL certificate may be required to provide secure connection for clients or devices that do not support Server Name Indication (SNI). When SNI option is enabled for a site, you may enable a fallback SSL certificate that would secure such clients or devices. This certificate should cover all host names used for sites and applications with custom host name within sites that have the SNI option enabled. It is recommended to use the Wildcard certificate or SAN certifi- cate that contains all corresponding host name entries. Read more: Configuring Fallback SSL Certificate