25.4 Securing the Filr Site

25.4.1 Configuring a Proxy Server

Your Novell Filr system should be located behind your firewall. If Filr users want to access the Filr site from outside your firewall, you should set up a proxy server outside your firewall to provide access. You can use NetIQ Access Manager to protect your Filr site, as described in Changing Reverse Proxy Configuration Settings in the Novell Filr 1.0.1 Installation and Configuration Guide.

25.4.2 Setting the Filr Administrator Password

The Filr site is initially installed to allow administrator access by using the username admin and the password admin. The Filr administrator password should be changed immediately after installation, as described in Section 1.2, Resetting the Filr Administrator Password.

25.4.3 Securing the Filr Site against XSS

Cross-site scripting (XSS) is a client-side attack against Web applications, in which script supplied by one user is executed in the browsers of other users. Because XSS attacks can pose a major security threat, Novell Filr contains a built-in security filter that protects against XSS vulnerabilities. This security filter is enabled by default.

The following sections describe the types of content that the security filter blocks from the Filr site, the areas of the site where that content is filtered, and how you can disable the security filter or allow specific users to bypass it.

Understanding What Content Is Not Permitted

By default, the XSS security filter in Filr is very strict, and does not allow users to add certain types of content. For example, the following content is not permitted:

  • HTML that contains JavaScript

  • Forms

  • Frames

  • Objects

  • Applets

Understanding Where the Content Is Not Permitted

The type of content discussed in Understanding What Content Is Not Permitted is filtered by Filr in the following areas:

  • Text and HTML fields in entries and folders

  • Uploaded HTML files
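The checker below is an added example, not Filr's own filter code, that illustrates the two preceding sections: it scans a fragment of HTML (such as the contents of an entry's HTML field or an uploaded HTML file) and reports the categories the Filr filter rejects, namely HTML that carries JavaScript, forms, frames, objects, and applets. The blocked tag list and the sample inputs are constructed for this example.

```python
from html.parser import HTMLParser

# Element types that correspond to the content categories the page lists.
# Which exact tags the Filr filter rejects is not stated; this list is an assumption.
BLOCKED_TAGS = {
    "script": "HTML that contains JavaScript",
    "form": "Forms",
    "frame": "Frames", "frameset": "Frames", "iframe": "Frames",
    "object": "Objects",
    "applet": "Applets",
}
URL_ATTRS = {"href", "src", "action"}


class XssContentChecker(HTMLParser):
    """Collects a finding for each piece of disallowed content seen."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser hands us lower-cased tag and attribute names.
        if tag in BLOCKED_TAGS:
            self.findings.append(f"{BLOCKED_TAGS[tag]}: <{tag}> element")
        for name, value in attrs:
            normalized = "".join((value or "").split()).lower()
            if name.startswith("on"):
                # Inline event handlers (onclick, onload, ...) are script too.
                self.findings.append(f"HTML that contains JavaScript: {name} on <{tag}>")
            elif name in URL_ATTRS and normalized.startswith("javascript:"):
                self.findings.append(f"HTML that contains JavaScript: {name} on <{tag}>")


def find_blocked_content(html):
    """Return the list of findings; an empty list means the fragment is allowed."""
    checker = XssContentChecker()
    checker.feed(html)
    checker.close()
    return checker.findings


# Constructed samples: plain formatting is allowed, the second fragment is not.
SAFE_SAMPLE = '<p>Status report for <b>Q3</b>: see <a href="/files/report.pdf">PDF</a></p>'
UNSAFE_SAMPLE = (
    '<p onmouseover="leak()">hello</p>'
    '<script>alert(1)</script>'
    '<form action="/x"><input name="q"></form>'
    '<a href="JavaScript:void(0)">link</a>'
)

if __name__ == "__main__":
    for finding in find_blocked_content(UNSAFE_SAMPLE):
        print(finding)
```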

Listing All XSS Threats in Your System

Filr enables you to run an XSS report that lists XSS threats that are contained in your Filr system. For more information, see Section 21.2.9, XSS Report.