The HTTP Server page is used for configuring various settings related to SecurityGateway's web interface. You can designate the host name that will be used in login links created by SecurityGateway, the HTTP and HTTPS ports, and other HTTP related settings.
Server
Host Name (used to create login links):
This is the host name that will be used by SecurityGateway when creating login links in messages it sends to your users and administrators. For example, if the URL that your users need to use when connecting to SecurityGateway is "https://sg.example.com:...", then enter "sg.example.com" into this box. SecurityGateway will automatically use "https://" if an SSL certificate is loaded or the "Redirect HTTP requests to HTTPS" option below is enabled. Otherwise, it will use "http://". Further, if SecurityGateway is set to listen on a non-default https or http port, then the appropriate port will be added to the URL automatically.
HTTP Ports (comma delimited):
This is the HTTP port that SecurityGateway's web interface will use. When connecting to SecurityGateway via their web browser, your users will need to include this port number in the URL after a colon. For example, "http://sg.example.com:4000". You can enter multiple ports separated by commas. The default port is 4000.
HTTPS Ports (comma delimited):
This is the HTTPS port that SecurityGateway will monitor for HTTPS connections to the web interface. Users connecting to this port will need to use "https" in SecurityGateway's URL and include the port number after a colon (e.g. "https://sg.example.com:4443"). You can enter multiple ports separated by commas. The default port is 4443.
Bind sockets to these IPs (comma delimited):
If you wish to restrict SecurityGateway to receiving connections made to specific IP addresses, enter them here separated by commas.
Number of Threads for HTTP Requests:
This is the number of threads that SecurityGateway will use for HTTP requests. The default value is 5.
Redirect HTTP requests to HTTPS
Check this box if you wish to redirect all HTTP requests to HTTPS. If you choose to use this option then you must ensure that you have a valid SSL/TLS Certificate installed for the domain.
Add HSTS header to HTTPS requests
By default an HTTP Strict Transport Security (HSTS) header is included in HTTPS responses. When a browser that supports HSTS receives an HSTS header and the SSL certificate is valid, future HTTP requests made to the same domain will be automatically upgraded to HTTPS.
Max age [XX] seconds
This is the value of the "max-age=" parameter that is included in the HSTS header. It is the amount of time the browser is instructed to remember the HSTS policy. The default setting is 63072000 seconds, or two years.
...include sub-domains
Check this box if you want the header to include the "includeSubDomains" directive, which instructs the browser to consider the policy as applying to all of the website’s sub-domains.
add domain to HSTS preload list
Use this option if you wish to add the preload directive to the HSTS header.
You should not use the preload option unless you are certain that you wish to add the domain to all of the major browsers' built-in HSTS Preload Lists. When a domain is added to the HSTS Preload List, it means that browsers must always use HTTPS when connecting to the domain or any of its sub-domains, which could prevent legitimate connections to a sub-domain if you did not intend that permanent requirement. Further, once your domain is added to the HSTS Preload List, it can be difficult or time-consuming to get it removed from the list. For more information on the HSTS Preload List, visit: https://hstspreload.org/
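To check what the three HSTS options above actually put on the wire, the following added example (not part of SecurityGateway or its documentation) parses a Strict-Transport-Security value and flags combinations that matter for preloading. The function names and sample header values are constructed for illustration, and the one-year minimum is the hstspreload.org submission requirement rather than something stated on this page.

```python
# Added example: parse a Strict-Transport-Security value (RFC 6797 syntax) and audit it.
PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts


def parse_hsts(value):
    """Return {'max_age', 'include_subdomains', 'preload'} or raise ValueError."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are allowed by the grammar
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen[name] = arg.strip().strip('"')  # value may be a quoted-string
    if "max-age" not in seen:
        raise ValueError("max-age is required")
    if not seen["max-age"].isdigit():
        raise ValueError("max-age must be a non-negative integer")
    return {
        "max_age": int(seen["max-age"]),
        "include_subdomains": "includesubdomains" in seen,
        "preload": "preload" in seen,
    }


def audit_hsts(value):
    """List findings for a header value; an empty list means nothing to flag."""
    policy = parse_hsts(value)
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells the browser to forget the policy")
    if policy["preload"]:
        if not policy["include_subdomains"]:
            findings.append("preload without includeSubDomains is not accepted for preloading")
        if policy["max_age"] < PRELOAD_MIN_AGE:
            findings.append("max-age is below the one-year preload minimum")
    return findings


# Constructed sample values, not captured from a real server.
MAX_AGE_ONLY = "max-age=63072000"
PRELOAD_HEADER = "max-age=63072000; includeSubDomains; preload"
RISKY_HEADER = "max-age=86400; preload"

if __name__ == "__main__":
    for header in (MAX_AGE_ONLY, PRELOAD_HEADER, RISKY_HEADER):
        print(header, "->", audit_hsts(header) or "ok")
```

Feed it the header value returned by your own HTTPS port after changing these options, and review any finding before submitting the domain for preloading.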
Configuration
Enable session timeouts
When this option is enabled, a user or administrator will be logged out of the web interface automatically when there is no activity from them for the number of minutes designated below. This option is enabled by default.
Log users out after [xx] minutes
This is the number of minutes of inactivity allowed before a user or administrator will be automatically logged out of the web interface. The default setting for this option is 15 minutes.