QPR ProcessAnalyzer Security Hardening: Difference between revisions

Revision as of 16:30, 28 October 2018

The following list provides recommendations for improving (hardening) the security of QPR UI installation.

This instruction applies when traffic is routed through IIS.

In Internet Information Services (IIS) Console, click ui folder in the left side hierarchy, double-click HTTP Response Headers, click Add... on the right side pane, and define the following:
- Name: X-XSS-Protection
- Value: 1; mode=block
Similarly, add the following HTTP Response Header: (more information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options)
- Name: X-Frame-Options
- Value: deny

More information:

In GlassFish allow incoming requests only from localhost.

Check that the latest version of Java 8 is installed.

@@ Line 3: / Line 3: @@
 == IIS Response Headers: X-XSS-Protection and X-Frame-Options ==
 This instruction applies when [[Routing_Through_IIS_in_QPR_UI|traffic is routed through IIS]].
-# In '''Internet Information Services (IIS) Console''', click '''ui''' folder in the left side hierarchy, double-click '''HTTP Response Headers''', click '''Add...''' on the right side pane, and define the following: (more information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection)
+# In '''Internet Information Services (IIS) Console''', click '''ui''' folder in the left side hierarchy, double-click '''HTTP Response Headers''', click '''Add...''' on the right side pane, and define the following:
 #* Name: '''X-XSS-Protection'''
 #* Value: '''1; mode=block'''
@@ Line 9: / Line 9: @@
 #* Name: '''X-Frame-Options'''
 #* Value: '''deny'''
+More information:
+* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
 == Allow Incoming Requests only from Localhost ==