IBM Support

HTTP Header information for Maximo and the IBM HTTP Server to contain "X-XSS-Protection: 1; mode=block"

Question & Answer


Question

How do you make the HTTP header information for Maximo and the IBM HTTP Server contain the X-XSS-Protection response header, set to "X-XSS-Protection: 1; mode=block"?

Answer

  • To configure IHS to send the response header "X-XSS-Protection: 1; mode=block", ensure that this line is uncommented in the httpd.conf file located at \IBM\HTTPServer\conf:

       LoadModule headers_module modules/mod_headers.so

Then use this directive to set the X-XSS-Protection response header:

     Header set X-XSS-Protection "1; mode=block"

This is described in this forum entry:

Adding security parameters to IHS configuration (X-Content-Type-Options, x-Xss-Protection, Content-Security-Policy) - IBM Developer Answers

https://developer.ibm.com/answers/questions/389311/adding-security-parameters-to-ihs-configuration-x/

  • To set the X-XSS-Protection header value for Maximo, modify the web.xml file located at \IBM\SMP\maximo\applications\maximo\maximouiweb\webmodule\WEB-INF:

Change the following filter definition from:

 <filter>
  <filter-name>HttpXFrameOptionsFilter</filter-name>
  <filter-class>psdi.webclient.system.filter.HttpXFrameOptionsFilter</filter-class>
  <init-param>
   <param-name>X-Frame-Options</param-name>
   <param-value>SAMEORIGIN</param-value>
  </init-param>
 </filter>

To this:

 <filter>
  <filter-name>HttpXFrameOptionsFilter</filter-name>
  <filter-class>psdi.webclient.system.filter.HttpXFrameOptionsFilter</filter-class>
  <init-param>
   <param-name>X-Frame-Options</param-name>
   <param-value>SAMEORIGIN</param-value>
  </init-param>
  <init-param>
   <param-name>X-XSS-Protection</param-name>
   <param-value>1; mode=block</param-value>
  </init-param>
 </filter>

Save web.xml. Stop the application server, build and deploy Maximo.ear, and restart the application server. (Make sure the nodes are synchronized.)
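To confirm both edits before the rebuild and restart, the following added example (not IBM's code) checks httpd.conf and web.xml text for the settings described above. The function names are hypothetical, and flagging whitespace inside param-name is a precaution assumed here, not documented behaviour of the Maximo filter.

```python
import re
import xml.etree.ElementTree as ET

EXPECTED = "1; mode=block"

def check_httpd_conf(text):
    """Return problems found in httpd.conf text (empty list means OK)."""
    # A leading '#' comments a directive out, so only active lines count.
    active = [s for s in (l.strip() for l in text.splitlines())
              if s and not s.startswith("#")]
    problems = []
    if not any(re.match(r"LoadModule\s+headers_module\s", s, re.I) for s in active):
        problems.append("headers_module is not loaded")
    pat = re.compile(r'Header\s+set\s+X-XSS-Protection\s+"([^"]*)"', re.I)
    if EXPECTED not in [m.group(1) for m in map(pat.match, active) if m]:
        problems.append("X-XSS-Protection is not set to the expected value")
    return problems

def _local(tag):
    # web.xml usually declares a default namespace; compare local names only.
    return tag.rsplit("}", 1)[-1]

def check_web_xml(text, filter_name="HttpXFrameOptionsFilter"):
    """Return problems with the filter's X-XSS-Protection init-param."""
    for flt in ET.fromstring(text).iter():
        if _local(flt.tag) != "filter":
            continue
        fields = {_local(c.tag): (c.text or "") for c in flt}
        if fields.get("filter-name", "").strip() != filter_name:
            continue
        params = {}
        for ip in (c for c in flt if _local(c.tag) == "init-param"):
            kv = {_local(c.tag): (c.text or "") for c in ip}
            params[kv.get("param-name", "")] = kv.get("param-value", "")
        problems = []
        for name, value in params.items():
            if name.strip() == "X-XSS-Protection":
                if name != name.strip():  # assumption: treat padding as an error
                    problems.append("whitespace in param-name %r" % name)
                if value.strip() != EXPECTED:
                    problems.append("unexpected value %r" % value)
                return problems
        return ["X-XSS-Protection init-param is missing"]
    return ["filter %s not found" % filter_name]

if __name__ == "__main__":
    # Constructed sample: the module line is still commented out.
    conf = '#LoadModule headers_module modules/mod_headers.so\nHeader set X-XSS-Protection "1; mode=block"\n'
    print(check_httpd_conf(conf))
```

Read the real files with `open(path).read()` and pass the text to each function; an empty list from both means the configuration matches the steps above.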

Product: IBM Maximo Asset Management. Versions: 7.5; 7.6; 7.6.1. Platforms: Linux, Mac OS, Windows.

Document Information

Modified date:
15 April 2019

UID

ibm10881177