Notes.ini Entry



Name:

    iNotes_WA_Security_RefererCheck

Syntax

    iNotes_WA_Security_RefererCheck=0 / 1 / 2

Applies to:

    Servers

Add-on:


    First Release:

      8.5.1

    Obsolete since:


      Category:

        iNotes

      Default:

        None

      UI equivalent:

        None

      Description:
      If the Referer value is invalid or removed by a proxy server, or if it references a different second-level HTTP domain than that of the iNotes server, then you need to change your configuration. Use the table below and the scenarios provided in this section to determine the relevant Notes.ini setting you may need to add, based on your configuration.


      Note that the Domino console command set config can be used to modify these settings and avoid a restart of the entire Domino server. After setting the value, restart just the Domino HTTP task and the setting will take effect. For example:

      > set config iNotes_WA_Security_RefererCheck=0
      > tell http restart


      Valid values are:
      0 - Referer header checking is disabled.
      1 - Strict Referer header checking is enabled (default). POST requests must have a Referer header. If a whitelist exists, the Referer header must match an entry there. If no whitelist exists (default), the Referer header must match the server's domain.
      2 - Lenient Referer checking is enabled. POST requests are not required to have a Referer header. If a Referer header does exist and a whitelist exists, the Referer header must match an entry on the whitelist. If a Referer header does exist and no whitelist exists, the Referer header must match the server's domain.

      Also see Technote 21412267 -> https://www-304.ibm.com/support/docview.wss?uid=swg21412267
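
The three values above, modelled as a decision function and run over constructed requests (an added example, not Domino's own code). The names `post_allowed` and `decision_table` and the `whitelist` parameter are hypothetical, and the matching rules (last two DNS labels for the server's domain, exact host for whitelist entries) are assumptions.

```python
from urllib.parse import urlsplit

def second_level_domain(host):
    # Assumption: "second-level domain" = last two DNS labels (ignores suffixes like co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def post_allowed(mode, referer, server_host, whitelist=None):
    """Model the documented decision for one POST request.

    mode: 0, 1 or 2; referer: header value, or None when absent or stripped.
    whitelist: hypothetical list of allowed Referer hosts (exact host match assumed).
    """
    if mode == 0:
        return True                      # checking disabled
    if mode not in (1, 2):
        raise ValueError("mode must be 0, 1 or 2")
    if not referer:
        return mode == 2                 # strict requires the header, lenient does not
    host = urlsplit(referer).hostname
    if host is None:
        return False                     # invalid Referer value: nothing to match
    if whitelist:
        return host.lower() in {w.lower() for w in whitelist}
    return second_level_domain(host) == second_level_domain(server_host)

SERVER = "mail.example.com"              # constructed server host name
SAMPLES = [                              # constructed Referer values
    ("same host", "https://mail.example.com/mail/user.nsf"),
    ("sibling host, same second-level domain", "https://portal.example.com/"),
    ("different second-level domain", "https://portal.example.net/"),
    ("header removed by proxy", None),
    ("invalid value", "not-a-url"),
]

def decision_table(whitelist=None):
    """Return {case: [result for mode 0, 1, 2]} for the constructed samples."""
    return {label: [post_allowed(m, ref, SERVER, whitelist) for m in (0, 1, 2)]
            for label, ref in SAMPLES}

if __name__ == "__main__":
    for label, row in decision_table().items():
        print(f"{label:40} mode 0/1/2 -> {row}")
```

The rows cover the cases the description calls out: a Referer removed by a proxy is accepted only with 0 or 2, and a Referer from a different second-level domain is accepted only with 0 or with a matching whitelist entry.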