Whitelisting Safe Domains

URL redirection brings security risks that can lead to the user being taken to a malicious site.

To prevent this, track the sites re:Members AMS pages redirect to and configure a list of permissible (whitelisted) domains. Once configured, only URL's with domains matching those whitelisted will be allowed. If a user attempts to re-direct an re:Members AMS page to a non-whitelisted domain, the user receives a message and is not redirected.

Several steps are involved in this process:

  1. Tracking redirects for a period of time (e.g., a month) and manually whitelisting your most common domains.

  2. Configure the "Error Redirect Whitelist Message Html" message.

  3. Enable "Track Whitelisted Redirect URLs" to track any instances where a user is redirected from re:Members AMS.

  4. Enable "Whitelist Redirect URLs" to fully enable whitelisting in your instance of re:Members AMS. This should only be done once the previous three steps are complete.

WhiteListing Common Domains

Whitelist your most common domains. Revisit this page frequently to view and possibly whitelist tracked domains. Ensure the messaging is clear for users blocked from redirecting. The message template is configured in Configuration app > Settings. Search for “Error Redirect Whitelist Message HTML”.

  1. Navigate to the Configuration App > Whitelist.

  2. Select the Whitelist tab.

  3. Click the Add Domain button. Enter a domain, such as "remembers.com" and click Save, or enter the URL and the system will automatically parse the domain.

Configuring & Enabling White-List Settings

Once domains have been added to the white-list, certain settings must be enabled for the functionality to work. All of these settings are in the Configurations App > Settings.

  • Error Redirect Whitelist Message HtmlClosed This is the error message users see when they attempt to go to a non-whitelisted domain. Ensure that the message is clear and descriptive.

  • Track Whitelisted Redirect URLsClosed This check-box causes the system to track instances of a white-listed URL being accessed through re:Members AMS. Tracked results appear in the Configurations App > Whitelist > Tracking tab. Note: this enables tracking only and does not enable any protection.

  • Whitelist Redirect URLsClosed The final setting which needs to be enabled: this protects users by preventing the system from being redirected to any non-whitelisted domain. Ensure that commonly accessed domains have been white-listed prior to activating.