Security
Using the Security node, you can define parameters for the inspection of IP addresses so that unwanted transmissions of URLs can be reconstructed. Use these properties when working in WebOffice 10.9 R4 projects with WebOffice usermanagement. In the case of hijacking, an entry is written to the log file.
Security configuration
| Property | Description |
|---|---|
| Check Hijacking? | Switch to check client IP addresses (true) or to ignore them (false). |
| Hijacking Exceptions | List of IP addresses to be excluded from checking. Addresses are separated by semicolons ( ; ); wildcards can be used (e.g. 255.255.1.*). |
| XSS Parameter Exceptions | List of parameter names to be excluded from XSS attack checking. Parameter names are separated by semicolons ( ; ). The following values can be configured as exceptions: (a) parameters listed under <WebOffice Application>/pub/url-parameters.info (b) technical names of attributes |
| Check Open Redirects? | Switch to check Open Redirect addresses ('Yes') or to always allow them ('No'). An Open Redirect is performed when WebOffice is started with the parameter 'url_redirect'. Redirects to the local host of WebOffice are implicitly allowed. |
| URL Redirect Parameter allow list | If "Check Open Redirects?" is activated, the specified URL parameter 'url_redirect' is compared with the addresses defined here. Redirects to the local host of WebOffice are implicitly trusted. Addresses can be listed in the form of regular expressions (RegEx). An address must match completely (including host, subdirectory, and document name). The use of lists (with the group separator '\|') and placeholders (with '.*') is allowed. The protocol prefix ('http://' or 'https://') is not relevant. |
| Use login via XMLHttp? | Defines the type of post used for signing in to WebOffice. Either a standard HTTP form post (false, default) or an XMLHTTP request (true) is used. Use this option to suppress session information in the URL line of the browser. |
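Because allow list entries are regular expressions, an unescaped dot or a leading '.*' accepts more addresses than intended. The following added example (not WebOffice code) lets you test a candidate allow list against addresses that must pass and addresses that must be refused before you configure it. It assumes the semantics described in the table (protocol prefix ignored, complete match, '|' as list separator), uses Python's `re` module as a stand-in for the product's regex engine, and does not model the implicit trust of the local host; all host names are constructed.

```python
import re

def normalize(url: str) -> str:
    """Drop the protocol prefix, which the allow list ignores."""
    return re.sub(r"^https?://", "", url.strip(), flags=re.IGNORECASE)

def is_allowed(url_redirect: str, allow_list: str) -> bool:
    """True only if the complete address (host, subdirectory, document) matches."""
    # Assumption: the configured value is evaluated as one regular expression.
    return re.fullmatch(allow_list, normalize(url_redirect)) is not None

def audit(allow_list, must_allow, must_block):
    """Return the test addresses for which the allow list gives the wrong answer."""
    wrong = [u for u in must_allow if not is_allowed(u, allow_list)]
    wrong += [u for u in must_block if is_allowed(u, allow_list)]
    return wrong

# Constructed allow lists: same intent, different strictness.
LOOSE = r"maps.example.org/.*|.*intranet.example.org/docs/.*"
TIGHT = r"maps\.example\.org/.*|intranet\.example\.org/docs/.*"

# Constructed test addresses.
MUST_ALLOW = [
    "https://maps.example.org/viewer/index.html",
    "http://intranet.example.org/docs/manual.pdf",
]
MUST_BLOCK = [
    # An unescaped '.' matches any character, so a different host name passes.
    "https://mapsXexample.org/viewer/index.html",
    # A leading '.*' lets the trusted name appear in the path of another host.
    "https://untrusted.example.net/intranet.example.org/docs/x",
    # The trusted name as a prefix of a longer host name must not pass either.
    "https://maps.example.org.untrusted.example.net/viewer/",
]

if __name__ == "__main__":
    for name, pattern in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        problems = audit(pattern, MUST_ALLOW, MUST_BLOCK)
        print(name, "OK" if not problems else f"wrong result for: {problems}")
```

Escape every literal dot with a backslash and start each entry with the host name rather than with '.*'.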