Using the node Security it is possible to define parameters for the inspection of IP addresses so unwanted transmissions of URLs can be reconstructed. Use this properties when working in WebOffice 10.9 R3 projects with WebOffice usermanagement. In the case of hijacking, an entry gets written into the log file.


Security configuration

Security configuration




Check Hijacking?

Switch to check Client IP addresses (true) or to ignore them (false).

Hijacking Exceptions

List of IP addresses to be excluded from checking. Addresses are separated by semicolon ( ; ) , wildcards can be used (i.e. 255.255.1.*).

XSS Parameter Exceptions

List of parameter named to be excluded from xss attack checking. Parameter named are separated by semicolon ( ; ). The following values can be configured as exceptions:

(a) parameters listed under <WebOffice Application>/pub/

(b) technical names of attributes

Use login via XMLHttp?

Defines the type of post used for signing in to WebOffice. Either a Standard HTTP Form Post (false, Default) or a XMLHTTP Request (true) is used.

Use this option to suppress session information in URL-Line of the browser.


XMLHttp Forwarding is reported to crash some browsers.

Security configuration