Configure Tomcat X-Frame-Options Header

ALE Learnset Manager Installation and Upgrade Guide

Platform: Brainware
Product: ALE Learnset Manager
Release: 23.1

Adding security headers to HTTP responses can mitigate many web security vulnerabilities.

In Apache Tomcat, configuring the X-Frame-Options header is essential to prevent clickjacking attacks.

To configure X-Frame-Options Header, complete the following steps.

  1. Modify the web.xml file in the Apache Tomcat conf directory.
  2. In the Built In Filter Definitions section in web.xml, add or uncomment the following filter configuration if it does not already exist.
    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <async-supported>true</async-supported>
    </filter>
    
  3. In the Built In Filter Mappings section in web.xml, add the following configuration if it does not already exist.
    <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    
  4. Save the file and restart Tomcat.
    Note: You must apply this configuration to all Tomcat servers which have the ALE Learnset Manager web application installed.
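
One way to confirm steps 2 and 3 on each server before restarting is to parse web.xml and check that the filter is defined outside of comments and mapped to /*. This is an added example, not part of the product guide; the function names and the sample XML are constructed for illustration, and the check also flags an explicit antiClickJackingEnabled=false init-param, which the steps above do not cover.

```python
import xml.etree.ElementTree as ET
FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"

def _kids(elem, name):
    # Match on local tag name so any web-app XML namespace is accepted.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    found = _kids(elem, name)
    return (found[0].text or "").strip() if found else ""

def audit_web_xml(xml_text):
    """Return (ok, findings) for the filter definition and mapping steps."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    findings, active = [], set()
    for f in _kids(root, "filter"):
        if _text(f, "filter-class") != FILTER_CLASS:
            continue
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in _kids(f, "init-param")}
        # Filter default when the init-param is absent: antiClickJackingEnabled=true
        if params.get("antiClickJackingEnabled", "true").lower() == "true":
            active.add(_text(f, "filter-name"))
        else:
            findings.append("antiClickJackingEnabled is false")
    if not active:
        findings.append("no active HttpHeaderSecurityFilter definition")
    mapped = any(
        _text(m, "filter-name") in active
        and "/*" in [(u.text or "").strip() for u in _kids(m, "url-pattern")]
        for m in _kids(root, "filter-mapping"))
    if active and not mapped:
        findings.append("filter is defined but not mapped to /*")
    return (not findings, findings)

# Constructed sample input, not taken from a real installation.
FILTER = """<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <async-supported>true</async-supported>
</filter>"""
MAPPING = """<filter-mapping>
  <filter-name>httpHeaderSecurity</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>"""
WRAP = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">%s%s</web-app>'
GOOD = WRAP % (FILTER, MAPPING)
COMMENTED = WRAP % ("<!--" + FILTER + "-->", MAPPING)  # definition left commented out
UNMAPPED = WRAP % (FILTER, "")
```

To audit a real server, pass the contents of its conf/web.xml to audit_web_xml() and review the returned findings.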