DWP - Tomcat settings to prevent DOS and clickjacking attacks / Security concerns around implementing MyIT

Version 1

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    MyIT Digital Workplace



    QUESTION:

    Do we support the changes to Tomcat settings to prevent DOS and clickjacking attacks referenced in the links below?

    https://www.acunetix.com/blog/articles/slow-http-dos-attacks-mitigate-apache-http-server/
    https://www.acunetix.com/vulnerabilities/web/clickjacking--x-frame-options-header-missing

    Are these changes supported or not? What are the BMC guidelines on making (or not making) these changes?


    ANSWER:

    The X-Frame-Options header is already configured in the MyIT web.xml file (the ResponseHeaderFilter); the filter only protects the paths it is mapped to.

    The file is located at MyIT/WEB-INF/web.xml.

    - Add the lines below.

    NOTE: For DWP 18.05 and later, replace myitapp with dwp in the url-pattern values.

    <filter-mapping>
        <filter-name>ResponseHeaderFilter</filter-name>
        <url-pattern>/admin/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>ResponseHeaderFilter</filter-name>
        <url-pattern>/myitapp/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
    <filter-mapping>
        <filter-name>ResponseHeaderFilter</filter-name>
        <url-pattern>/myitapp-full/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>


    - Save the file and restart the MyIT Tomcat service.
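    As an added example (not part of the BMC article or product), the Python check below parses a web.xml and reports which of the paths listed above still lack a ResponseHeaderFilter mapping with both the REQUEST and FORWARD dispatchers. The embedded web.xml is a constructed sample; for DWP 18.05 and later the required patterns would use dwp in place of myitapp.

```python
# Added example (not from the BMC article): check that a MyIT/DWP web.xml maps
# ResponseHeaderFilter onto each required path with REQUEST and FORWARD.
import xml.etree.ElementTree as ET

REQUIRED_PATTERNS = ("/admin/*", "/myitapp/*", "/myitapp-full/*")
REQUIRED_DISPATCHERS = {"REQUEST", "FORWARD"}

def _local(tag):
    # Drop the Servlet xmlns prefix so the check works with or without a namespace.
    return tag.rsplit("}", 1)[-1]

def filter_mappings(web_xml_text, filter_name):
    """Map url-pattern -> set of dispatchers for every mapping of filter_name."""
    seen = {}
    for mapping in ET.fromstring(web_xml_text).iter():
        if _local(mapping.tag) != "filter-mapping":
            continue
        fields, dispatchers = {}, set()
        for child in mapping:
            text = (child.text or "").strip()
            if _local(child.tag) == "dispatcher":
                dispatchers.add(text)
            else:
                fields[_local(child.tag)] = text
        if fields.get("filter-name") == filter_name:
            seen[fields.get("url-pattern")] = dispatchers
    return seen

def audit(web_xml_text, filter_name="ResponseHeaderFilter", required=REQUIRED_PATTERNS):
    """Return {url-pattern: problem}; an empty dict means every path is covered."""
    seen = filter_mappings(web_xml_text, filter_name)
    problems = {}
    for pattern in required:
        if pattern not in seen:
            problems[pattern] = "no filter-mapping"
        elif not REQUIRED_DISPATCHERS <= seen[pattern]:
            problems[pattern] = "missing " + ", ".join(sorted(REQUIRED_DISPATCHERS - seen[pattern]))
    return problems

# Constructed sample: /myitapp/* is correct, /myitapp-full/* lacks FORWARD, /admin/* is unmapped.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter-mapping><filter-name>ResponseHeaderFilter</filter-name>
    <url-pattern>/myitapp/*</url-pattern>
    <dispatcher>REQUEST</dispatcher><dispatcher>FORWARD</dispatcher>
  </filter-mapping>
  <filter-mapping><filter-name>ResponseHeaderFilter</filter-name>
    <url-pattern>/myitapp-full/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
</web-app>"""
```

Run audit() against the real web.xml after editing; an empty result means all three paths carry the filter with both dispatchers.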


    Article Number:

    000138621


    Article Type:

    FAQ/Procedural


