# Configuring Web Security Settings

The **Web Security Settings** section allows Administrators to configure settings that prevent malicious execution of code either on **Solar Archive** itself, or on the end user PC via the **Solar Archive** Web.

1. Navigate to **Adv Configuration** > **Web Security Settings**.
2. Enter / Select the required values in the fields. Refer to the table below for field names and descriptions.
3. Click **Save**.

{% hint style="info" %}
**Note**: Please hover over the on-screen information for additional information about field names and related areas.
{% endhint %}

| Field                                                                     | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
| ------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Referrer Validation Level**                                             | Validation level for links coming from referrer sites.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
| **Allowed Referrer Hosts** | <p>List of hostnames / host addresses from which URL links to <strong>Solar Archive</strong> web will be allowed. This field plays two key roles:<br><br>- <strong>Intranet links to Solar Archive</strong>: To prevent websites that you are not aware of from linking to this <strong>Solar Archive</strong> system. In theory, a malicious third-party website may try to mask the <strong>Solar Archive</strong> web behind its own UI. Therefore, for your internal intranet web or any other portals that you know about that link to the <strong>Solar Archive</strong> web, you will need to add their hostname to the referrer list here. Without this, your users will see an “Unknown Referrer – access denied” message showing the referrer hostname that is not known to <strong>Solar Archive</strong>.<br><br>- <strong>Stubbing URL Links when security is enabled (transport agent / OWA Plugin)</strong>: Stubbing services will convert attachments in Exchange emails to URL links. These URL links will open the attachment from <strong>Solar Archive</strong>. If Stubbing URL Security is enabled, then every time a Stub URL link is followed, <strong>Solar Archive</strong> will try to obtain the user's username to see if they are valid to view the attachment \[a sender or recipient of the email containing the attachment]. However, the “Transport Agent” and the “OWA Plug-in” will also follow these URL links, and they will need to bypass the security check. So enter the server name / IP address on which the Transport Agent and OWA Plug-In are installed.</p> |
| **Malicious web parameter handling** | Action that should be taken to handle a malicious web parameter. |
| **Filter web parameters with AntiSamy**                                   | Specifies whether or not the feature of filtering web parameters with AntiSamy is turned On.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| **Display HTML editor controls**                                          | Specifies whether HTML editor controls are shown or hidden to the users.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| **Ensure HttpOnly cookie** | Specifies whether or not an HttpOnly cookie should be used to prevent illegitimate access. |
| **Force a login check for stubbing URL Links**                            | Specifies whether or not users are checked and must be a sender or recipient of the email that contains the attachment.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| **Protection against framing attacks** | Specifies whether or not other websites should be prevented from framing pages of the **Solar Archive** web application. |
| **Discard web requests containing unsafe characters in ‘referer’ header** | Specifies whether or not referer headers in web requests are checked for potentially unsafe values. |
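
The referrer checks described in the table (**Allowed Referrer Hosts** and the unsafe-character check on the `referer` header), sketched as an added example; this is not Solar Archive's own code. The hostnames, the IP address, the unsafe-character set and the handling of a missing header are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values (hypothetical): an intranet portal and the
# server running the Transport Agent / OWA Plug-in.
ALLOWED_REFERRER_HOSTS = {"intranet.example.com", "10.0.0.15"}
OWN_HOST = "archive.example.com"  # hypothetical hostname of the archive web UI

# Assumed set of "unsafe" characters; the product's actual rule is not documented here.
UNSAFE_CHARS = set("<>\"'`\\{}|^ ")


def has_unsafe_chars(referer):
    """True if the raw header holds markup/injection characters or control bytes."""
    return any(c in UNSAFE_CHARS or ord(c) < 0x20 or ord(c) == 0x7F for c in referer)


def referrer_host(referer):
    """Normalised hostname of the referring page, or None if it cannot be parsed."""
    try:
        parts = urlsplit(referer)
        host = parts.hostname  # drops userinfo and port, lower-cases the name
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")  # treat "host." and "host" as the same name


def check_referrer(referer, allow_missing=True):
    """Return (decision, detail); decision is 'allow', 'deny' or 'discard'."""
    if not referer:
        # Typed URLs and bookmarks send no Referer; allowing them is an assumption.
        return ("allow", "no referrer") if allow_missing else ("deny", "missing referrer")
    if has_unsafe_chars(referer):
        return "discard", "unsafe characters in referer header"
    host = referrer_host(referer)
    if host is None:
        return "deny", "unparsable referrer"
    # Exact match on the parsed hostname, never a substring or suffix test on the raw URL.
    if host == OWN_HOST or host in ALLOWED_REFERRER_HOSTS:
        return "allow", host
    # Message modelled on the "Unknown Referrer - access denied" text quoted above.
    return "deny", f"Unknown Referrer - access denied: {host}"


if __name__ == "__main__":
    samples = [  # constructed Referer values
        "https://intranet.example.com/portal/home",
        "https://intranet.example.com.other.example/page",
        "https://intranet.example.com@other.example/",
        'https://intranet.example.com/"><b>',
    ]
    for value in samples:
        print(value, "->", check_referrer(value))
```

The denied samples show why entries in the allowed list should be matched against the parsed hostname: an allowed name appearing as a prefix, in the userinfo part, or in the query string of the referring URL does not make the referrer trusted.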


