Configuring security headers

For security reasons, security headers are added to BMC Cloud Lifecycle Management End User Portal through filters. You can configure these headings by modifying the web.xml in clmui.war file. The filter code applies the headers depending on the value of the init-param option in the web.xml:

• If there is no value specified in the init-param option, the filter is not applied.
• If there is a custom value specified in the init-param option, the filter is applied with the custom value.
• If there is no init-param option, the filter is applied with the default value in the code.

The following table provides the list of headers and their default values in web.xml and code.

To configure security headers for Tomcat web server

1. Go to WEB-INF directory and open the web.xml file in a text editor.

   • Windows:  C:\Program Files\BMC Software\CloudPortalWebApplication\tomcat\webapps\clmui\WEB-INF\ 
   • Linux: /opt/bmc/CloudPortalWebApplication/tomcat/webapps/clmui/WEB-INF/

   
   

2. Modify the values of the headers in HeaderSecurityFilter filter in respective init-param key pairs.
3. Save the file.
4. Restart the Tomcat server.

To configure security headers for Jetty web server

1. Copy the clmui.war file from the <PLATFORM_MANAGER>\lib directory to a temporary directory.
2. Unzip the clmui.war file by using WinRAR utility.
3. Go to WEB-INF directory and open the web.xml file in a text editor.
4. Modify the values of the headers in HeaderSecurityFilter filter in respective init-param key pairs.
5. Save the file.
6. Replace the edited web.xml file in the clmui.war zip file.
7. Replace the edited clmui.war file to the <PLATFORM_MANAGER>\lib directory.