QPR ProcessAnalyzer Security Hardening
Jump to navigation
Jump to search
The following list provides recommendations for improving (hardening) the security of QPR UI installation.
IIS Response Headers: X-XSS-Protection and X-Frame-Options
This instruction applies when traffic is routed through IIS.
- In Internet Information Services (IIS) Console, click ui folder in the left side hierarchy, double-click HTTP Response Headers, click Add... on the right side pane, and define the following: (more information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection)
- Name: X-XSS-Protection
- Value: 1; mode=block
- Similarly, add the following HTTP Response Header: (more information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options)
- Name: X-Frame-Options
- Value: deny
Allow Incoming Requests only from Localhost
In GlassFish allow incoming requests only from localhost.
Change Glassfish Administrator Password
Change GlassFish administrator password
Latest Java is Installed
Check that the latest version of Java 8 is installed.