Scenario: When reviewing the activity lags for a web application, a Citrix Engineer notices a high number of requests for the page, /setup.aspx. Further investigation reveals that most of these requests originated from outside the network.
Which protection can the engineer implement to prevent this?
To prevent unauthorized access to the /setup.aspx page, the Citrix Engineer can implement the Start URL with URL Closure protection. This ensures that sessions begin with a designated entry page, such as a home page or login page, and that users cannot directly access pages unless they have navigated from the initial entry point within the application. This measure helps restrict direct access to sensitive parts of the web application, like the setup page, to only those legitimately navigating through the application after appropriate authentication and authorization.
A. Start URL with URL Closure The Start URL protection ensures that a session starts with a designated entry page, like a home page or login page, and URL Closure ensures that users cannot directly access pages that are not linked from that Start URL. This is especially important for pages like /setup.aspx, which should not be directly accessed without proper navigation from within the application (which typically happens after authentication and authorization). By implementing Start URL with URL Closure, the engineer can ensure that only legitimate application paths are followed.