Arastiriyorum 1 year ago

How to add security headers to Alloy Navigator web apps

Security headers are HTTP response headers that define whether a set of security precautions should be activated or deactivated on the web browser when accessing a website. To prevent security vulnerabilities, you can add security headers to the website hosting your Alloy web applications. This article describes two methods of adding the most commonly used security headers. You can use either of them. However, it is convenient to combine the two methods: start with Method 1 to create the web.config file, and then edit that file using Method 2.

Method 1: Using the IIS manager

Select Start, select Administrative Tools, and then select Internet Information Services (IIS) Manager.

In the connections pane, expand the node for the server, and then expand Sites.

Select the site hosting Alloy web applications. Typically, it is Alloy Navigator Site.

In the site pane, under IIS, double-click HTTP Response Headers.

Use these steps to add the missing security headers. For a list of all the headers, see the table below.

In the Actions pane, click Add to reveal the Add Custom HTTP Header dialog box.

In the Name box, type in a header name. For example, Expect-CT.

In the Value box, type in a header value. For our Expect-CT example, enter enforce, max-age=43200.

Click OK.

TIP: After you have added one of the headers, you can use Method 2 to copy and paste all the remaining headers to the web.config file.

The table contains the HTTP response headers and the values that have been tested for use with the current 2023.1 version of Alloy web applications.

TIP: If you need to specify other values for those headers or add other custom HTTP response headers, please contact our Support Team.

NOTE: Some of the headers may not be supported by the web browsers that your employees and customers use. Check browser compatibility before implementation.


Method 2: Editing the web.config file

Locate the web.config file that is associated with the website hosting your Alloy web applications.


Select Start, select Administrative Tools, and then select Internet Information Services (IIS) Manager.


In the connections pane, expand the node for the server, and then expand Sites.


Select the site hosting Alloy web applications. Typically, it is Alloy Navigator Site.


Right-click the site and select Explore.


In the File Explorer window that opens, get to the web.config file.


TIP: If no web.config file exists for your website, use Method 1 to add a header from the list of headers above. This will create the web.config file. Then you can proceed with these steps.


Edit the web.config file in a text editor. For example, in Notepad++.


NOTE: To be able to save your changes, you may need to run your text editor as administrator.


At the end of the web.config file, above the closing </configuration> tag, add or edit the <customHeaders> configuration section so that it includes all the security headers from the table above.


To be on the safe side, start with Method 1 and add the first header, as suggested. This will create the web.config file, if needed, and add the <customHeaders> section where needed. Then copy the contents of the <customHeaders> section from the sample below and paste it to your web.config file.


<customHeaders>
  <add name="Expect-CT" value="enforce, max-age=43200" />
  <add name="Content-Security-Policy" value="default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:;" />
  <add name="Feature-Policy" value="fullscreen 'none'" />
  <add name="Permissions-Policy" value="fullscreen=()" />
  <add name="Referrer-Policy" value="no-referrer" />
  <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains; preload" />
  <add name="X-Content-Type-Options" value="nosniff" />
  <add name="X-Frame-Options" value="SAMEORIGIN" />
  <add name="X-Xss-Protection" value="1; mode=block" />
</customHeaders>


As a result, your web.config file may look like this:

Save the web.config file.

Restart IIS to apply the changes.

TIP: For example, open the IIS Manager, navigate to the web server node in the tree, and then click Restart in the Actions pane.
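The PowerShell check below is an added example, not part of the original article or of Alloy's tooling. It parses a web.config, confirms that <customHeaders> sits under system.webServer/httpProtocol, and compares its entries with the header list from this article, reporting missing, changed or duplicated headers and stray text. The function name Test-AlloyCustomHeaders and the sample web.config are constructed for illustration.

```powershell
# Added example. Header names and values are copied from the article's sample section.
$expected = [ordered]@{
    'Expect-CT'                 = 'enforce, max-age=43200'
    'Content-Security-Policy'   = "default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:;"
    'Feature-Policy'            = "fullscreen 'none'"
    'Permissions-Policy'        = 'fullscreen=()'
    'Referrer-Policy'           = 'no-referrer'
    'Strict-Transport-Security' = 'max-age=31536000; includeSubDomains; preload'
    'X-Content-Type-Options'    = 'nosniff'
    'X-Frame-Options'           = 'SAMEORIGIN'
    'X-Xss-Protection'          = '1; mode=block'
}
# Constructed sample: Expect-CT added via Method 1 and then pasted again, plus a stray ";".
$sampleConfig = @'
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Expect-CT" value="enforce, max-age=43200" />
        <add name="Expect-CT" value="enforce, max-age=43200" />;
        <add name="X-Frame-Options" value="DENY" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
'@
function Test-AlloyCustomHeaders {   # hypothetical helper name
    param([string]$ConfigText, [System.Collections.IDictionary]$Expected)
    $doc = [xml]$ConfigText          # throws if the text is not well-formed XML
    $section = $doc.SelectSingleNode('/configuration/system.webServer/httpProtocol/customHeaders')
    if ($null -eq $section) { throw 'No <customHeaders> under system.webServer/httpProtocol.' }
    $seen = @{}                      # case-insensitive keys, like header names
    $report = @()
    foreach ($add in $section.SelectNodes('add')) {
        $name = $add.GetAttribute('name')
        # IIS rejects a second <add> with the same name (duplicate collection entry).
        if ($seen.ContainsKey($name)) { $report += [pscustomobject]@{ Header = $name; Status = 'Duplicate entry' } }
        $seen[$name] = $add.GetAttribute('value')
    }
    foreach ($text in $section.SelectNodes('text()') | Where-Object { $_.Value.Trim() }) {
        $report += [pscustomobject]@{ Header = '(text)'; Status = "Stray text '$($text.Value.Trim())'" }
    }
    foreach ($name in $Expected.Keys) {
        $status = if (-not $seen.ContainsKey($name)) { 'Missing' } elseif ($seen[$name] -cne $Expected[$name]) { 'Different value' } else { 'OK' }
        $report += [pscustomobject]@{ Header = $name; Status = $status }
    }
    $report
}
Test-AlloyCustomHeaders -ConfigText $sampleConfig -Expected $expected | Format-Table -AutoSize
```

To audit a real site, pass the file contents instead of the sample, for example `-ConfigText (Get-Content -Raw <path to web.config>)`.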

