Using a secure content site About the secure content site Setting up a secure content site STEP 1: Register a domain STEP 2: Update the Multiple Sites & Languages form STEP 3: Update the user.HeaderMatch document About the secure content site A secure content site is an important security feature that provides an added measure of protection against system attacks. Its purpose is to allow administrators to set up read-only sites to be used for file downloads. This prevents potential attacks on the system where an attachment or uploaded file may contain malicious HTML that executes an attack on a user when it is opened through the web. By moving all file download activity to a read-only site, the various browsers' cross site scripting defenses act to prevent this potential threat. Top Setting up a secure content site To set up a secure content site, follow these steps: Note This process is required for each secure content site you wish to set up. STEP 1: Register a domain STEP 2: Update the Multiple Sites & Languages form STEP 3: Update the user.HeaderMatch document Top STEP 1: Register a domain Register a secondary domain and point it at Internet Services. For example, if the main site is www.site.com, the secondary domain might be download.site.com. Note If the site has an SSL certificate, then depending on the type of certificate, it may be necessary to get an additional certificate for the secondary domain as well. Top STEP 2: Update the Multiple Sites & Languages form Add a new line to the Multiple Sites & Languages form for the secondary domain. Give it the same "Web site alias" as the primary site. Set "Authentication" to "Read Only". Top STEP 3: Update the user.HeaderMatch document Update the user.Headermatch document to add a line for the new domain: <sitename>: SET contentsite = <secondarydomain> Top