Application Gateway Administration GuideChapter 10 Transformed ApplicationsFeatures119• Handles timeouts automatically. A connection times out after 60seconds of inactivity (just like clients that use HTTP keepalive). Anadministrator can configure the minimum session time.• Interacts with cache engines to serve frequently requested data.• Rewrites URLs to conserve bandwidth.SecurityImproper configuration of the Application Gateway can result in asecurity risk. Before you deploy the Application Gateway, verify that itdoes not have access to protected intranet sites.By default, the Application Gateway proxies all requested applicationsand web pages, whether or not they have corresponding transformationinstructions. You can disable this unrestricted proxy so that theApplication Gateway proxies only the applications and web pages it hastransformed to prevent access to protected servers that are on the samesubnet as the Application Gateway. To change the Unrestricted Proxysetting, go to the Operation > General page of the Application GatewayAdministration Tool.Note If you use the default configuration so that the Application Gatewayproxies all web pages, the Application Gateway provides access tocomputers on the same subnet as the application servers that areconfigured to work with the Application Gateway. For example, supposean Application Gateway has an external IP address of 24.221.1.1 and aninternal IP address of 192.168.1.31. On the same subnet, you have anintranet server protected from outside access, with an IP address of192.168.1.20. You can then access all ports on the protected intranet serverthrough the Application Gateway by using the URLhttp://24.221.1.1/http://192.168.1.20.Be aware of these additional security considerations:• IP phone/Application Gateway connectionWe recommend that you locate the connection between an IP phoneand the Application Gateway behind a firewall.• SSL to non-SSL redirects