QPR ProcessAnalyzer Security Hardening: Difference between revisions

From QPR ProcessAnalyzer Wiki
Jump to navigation Jump to search
No edit summary
Line 2: Line 2:


== IIS Response Headers: X-XSS-Protection and X-Frame-Options ==
== IIS Response Headers: X-XSS-Protection and X-Frame-Options ==
This instruction applies when [[Routing_Through_IIS_in_QPR_UI|traffic is routed through IIS]].
This step applies only when [[Routing_Through_IIS_in_QPR_UI|traffic is routed through IIS]].
# In '''Internet Information Services (IIS) Console''', click '''ui''' folder in the left side hierarchy, double-click '''HTTP Response Headers''', click '''Add...''' on the right side pane, and define the following:
# In '''Internet Information Services (IIS) Console''', click '''ui''' folder in the left side hierarchy, double-click '''HTTP Response Headers''', click '''Add...''' on the right side pane, and define the following:
#* Name: '''X-XSS-Protection'''
#* Name: '''X-XSS-Protection'''
Line 15: Line 15:


== Allow Incoming Requests only from Localhost ==
== Allow Incoming Requests only from Localhost ==
This step applies only when [[Routing_Through_IIS_in_QPR_UI|traffic is routed through IIS]].
In GlassFish allow incoming requests only from localhost.
In GlassFish allow incoming requests only from localhost.



Revision as of 16:30, 28 October 2018

The following list provides recommendations for improving (hardening) the security of QPR UI installation.

IIS Response Headers: X-XSS-Protection and X-Frame-Options

This step applies only when traffic is routed through IIS.

  1. In Internet Information Services (IIS) Console, click ui folder in the left side hierarchy, double-click HTTP Response Headers, click Add... on the right side pane, and define the following:
    • Name: X-XSS-Protection
    • Value: 1; mode=block
  2. Similarly, add the following HTTP Response Header:
    • Name: X-Frame-Options
    • Value: deny

More information:

Allow Incoming Requests only from Localhost

This step applies only when traffic is routed through IIS. In GlassFish allow incoming requests only from localhost.

Change Glassfish Administrator Password

Change GlassFish administrator password

Latest Java is Installed

Check that the latest version of Java 8 is installed.