Applicable to: Futurama Website
In case the Futurama Website module is used it is possible to configure additional security settings. These settings are set in the security-section of the configuration file.
Within the element the next code has to be included:
Next to this code, also within the element the next code has to be included:
The futuramaSettings element is the general part for more configuration settings. Within this element the server element is set.
Within the security/web element some attributes can be set. Below the possible values of these attributes.
If set to true, Futurama verifies that subsequent requests are sent by the same user.
If set to true, the IP address of the remote user is included in the verification check. If the ip address was changed during the session, the session is aborted and abandoned by Futurama, also if this was unintentionally. For example, a change from a wired to a wireless connection would change the users IP address and thus end the session. In case do not have the security section in your web.config, includeIPaddress defaults to True.
This number defines the maximum number of sessions that Futurama allows. The default is 0, and means an unlimited number of sessions. If you specify a number, all requests for new sessions after the maximum number of sessions is reached will be transferred to the defined throttle page. With this setting you can reduce the risk of an attacker trying to flood the server with sessions.
This setting is only used when maxNumberOfSessions is greater than 0. When the maximum number of sessions is reached, the subsequent requests will be transferred to throttlepage. In the example we created a static HTML page TooManyUsers.htm and placed it in the root folder of the Futurama installation.
allowSettingUservariablesThroughUrl (Futurama 2016.11 +)
This setting is for backwards compatibility and is deprecated. The default value is “False”.
onlyAllowCallsToVisibleButtons (Futurama 2016.11 +)
This property can be set to False to allow hardcoded links to buttonclick urls where the button is not present on the current page (e.g: ). The default value is “True”. See for more information the Compatibility paragraph below.
removeRequestParametersOnLogin(Futurama 2018.10 +)
This property can be set to True to remove all request parameters when the user is redirected from the login page to the startpage. This setting is only applicable when using Forms Authentication.
If you have any questions about this subject or if you want to provide us feedback please send us an e-mail.