Security
How to enable HTTP Strict-Transport-Security (HSTS) response header
Overview: From Applications Manager v16250, the super administrator has the option of enabling HSTS. The RFC 6797-specified HTTP Strict Transport Security (HSTS) protocol enables a website to identify itself as a secure host and notify browsers that ...
Update on the Apache Log4j Vulnerability
A high-severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j2 utility was disclosed publicly on December 9, 2021. The vulnerability impacts Apache Log4j2 versions below 2.15.0. You can find the details of this ...
How to configure session inactivity timeout in APM?
The session inactivity timeout setting represents the amount of time a user can be inactive before the user's session times out and closes. It only affects user browser sessions. Values can be set only as numerals denoting minutes. This ...
Hide Server Banner and Product Info from HTTP Header
A server banner may display information about the underlying hosting environment. Usually in Applications Manager, the information that can be exposed is the product name ("Server: AppManager"). For security purposes, it may be desirable to disable the ...
IP Whitelist/Blacklist configuration
Applications Manager does not support filtering access by request IP address. However, this can be achieved by making use of the underlying Tomcat app server. Users should ideally use a network firewall to restrict IP-based access (this is ...
Disable HTTP access in Applications Manager
Overview: This article describes configuring a secure connection between Applications Manager server and the browser/client. Applications Manager can be accessed through any of the following URLs: For HTTP -> http://[hostname/ip-address]:[http-port] ...
Disable TLSv1 and 1.1
TLS settings and options: Disable TLSv1 and 1.1. Applications Manager supports TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3 by default. However, all major browsers have deprecated TLSv1 and TLSv1.1 in their latest versions. If your browser does not support ...
How can I generate and import certificates into AppManager?
From v14260: Options to create a Certificate Signing Request (CSR) and import an SSL certificate to Applications Manager were introduced in the UI. Please refer to Manage Certificates for detailed steps. Steps for Applications Manager below v14260: 1. Open the ...
How to avoid the Clickjacking vulnerability in AppManager?
To configure the Content-Security-Policy header with the frame-ancestors directive and combat the clickjacking vulnerability, Applications Manager provides a setting in the UI to enable or disable it. Follow the steps as per the Applications Manager version ...
How can I ensure that my HTTPS connection to AppManager is secure?
Overview: This article describes configuring a secure connection between Applications Manager server and the browser/client. Applications Manager can be accessed by any of the following URLs: For HTTP -> http://[hostname/ip-address]:[http-port] For ...