How to safely disable Horizon DaaS HTML access

A few months back, one of our DaaS users reached out to us saying that their cyber insurance company was not ready to accept the Horizon DaaS external-facing HTML access URL. So we had to find a workaround that would not block the PCoIP and Blast protocols. Finally, we were able to come up with one. All of those changes were made on the Unified Access Gateway (UAG) systems. We will look at how to apply those changes.

  • Firstly, log into the UAG admin URL – https://IPADDRESS:9443/admin 

  • Select “Configure Manually” and enable “Edge Service Settings”, and then click on “Horizon Settings”.

  • Then, scroll down until you find the option “Disable HTML Access”. Just disable HTML access.

  • Finally, find the field called “Proxy Pattern” and replace its default value with the new value below. (NOTE: we have simply removed certain URLs from external access.)

Default value:

/|/(.*\.action|admin|images/|css/|js/|ajax/|appblast|appblast/|portal|view-client/|appimage/|horizonadmin|xmp|dt-rest|tams).*

New value:

/|/(.*\.action|images/|css/|js/|ajax/|portal|view-client/|appimage/|xmp|dt-rest|tams).*
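
To verify the change before applying it, the following added example (not part of the original post or of any VMware tooling) lists which alternatives were dropped from the Proxy Pattern and checks sample paths against both values. It assumes the UAG matches the whole request path against the pattern; the sample paths are constructed for illustration.

```python
import re

# Proxy Pattern values copied from the post above.
DEFAULT = (r"/|/(.*\.action|admin|images/|css/|js/|ajax/|appblast|appblast/|portal|"
           r"view-client/|appimage/|horizonadmin|xmp|dt-rest|tams).*")
NEW = (r"/|/(.*\.action|images/|css/|js/|ajax/|portal|view-client/|appimage/|"
       r"xmp|dt-rest|tams).*")

def alternatives(pattern):
    """Return the alternatives inside the /( ... ).* group of a Proxy Pattern."""
    m = re.fullmatch(r"/\|/\((.*)\)\.\*", pattern)
    if m is None:
        raise ValueError("pattern is not of the form /|/(a|b|...).*")
    return m.group(1).split("|")

def removed_alternatives(old, new):
    """Alternatives present in the old pattern but absent from the new one."""
    kept = set(alternatives(new))
    return [a for a in alternatives(old) if a not in kept]

def is_proxied(pattern, path):
    # Assumption: the gateway requires the whole path to match the pattern.
    return re.fullmatch(pattern, path) is not None

def newly_blocked(paths):
    """Paths that matched the default pattern but no longer match the new one."""
    return [p for p in paths if is_proxied(DEFAULT, p) and not is_proxied(NEW, p)]

# Constructed sample paths, not taken from a real deployment.
SAMPLE_PATHS = [
    "/",                   # root, matched by both values
    "/portal/x",           # prefix kept in the new value
    "/images/logo.png",    # prefix kept in the new value
    "/login.action",       # matched by the retained .*\.action alternative
    "/admin/x",            # prefix removed
    "/appblast/x",         # prefix removed
    "/horizonadmin/x",     # prefix removed
    "/appblast/x.action",  # removed prefix, but .*\.action still matches it
]

if __name__ == "__main__":
    print("removed:", removed_alternatives(DEFAULT, NEW))
    for p in SAMPLE_PATHS:
        print(f"{p:22} default={is_proxied(DEFAULT, p)} new={is_proxied(NEW, p)}")
```

The last sample shows why the result should be confirmed against the gateway itself: under the full-match assumption, the retained `.*\.action` alternative still matches paths beneath a removed prefix.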

What is CSA Cloud Controls Matrix (CCM)

The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing that is aligned to the CSA best practices and is considered the de-facto standard for cloud security and privacy. The accompanying questionnaire, CAIQ, provides a set of “yes or no” questions based on the security controls in the CCM.

You can now download the CCM and CAIQ together.

These 2 files consist of all required documentation.

  • CCM v4
  • Mappings
  • CAIQ v4
  • STAR Level 1: Security Questionnaire (CAIQ v4)
  • Implementation Guidelines
  • Auditing Guidelines

Mappings enable you to connect the dots if you are already compliant with other major compliance standards.

  • ISO/IEC 27001/27002/27017/27018
  • CCM V3.0.1
  • AICPA TSC
  • CIS Controls V8
  • NIST 800-53r5
  • PCI DSSv3.2.1

[source: cloudsecurityalliance.org]