| Table of Contents | ||
|---|---|---|
|
CUIT Implementation - Requirements
Provide listing of all domain names used to access the application; Ensure all domains are owned by Columbia
Provide listing of any alternate DNS record types for application domains
MX, TXT, etc.
Provide list of all non-web ports served off the domain name
Ensure minimum encryption protocol of TLS 1.2
Ensure all application transactions complete within 300 seconds (application timeout)
Ensure application has a valid certificate and includes any vanity domain names as the Common Name or SAN
Ensure client supports Server Name Indication (SNI)
Contact information for the group responsible for maintaining the application
CUIT Implementation - API Requirements for Allowlisting Legitimate Automated Traffic
hostname/domain where endpoint resides
path of endpoint
source IP connecting to endpoint
user agent of valid traffic
referer
request method
query strings
x-forwarded-for value
or other unique header values for the application
Programing the information above into the WAF will block automated traffic from malicious sources and your legitimate, automated requests will be allowlisted.
*PLEASE NOTE: All sites protected by Cloudflare are subject to periodic application security scanning by CUIT
...