Skip to main content
Nintex Community Menu Bar
Knowledge Base

Disabling Cross-Site Scripting XSS in NGINX and Disable lower TLS protocol


Forum|alt.badge.img+3

Topic

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
 

 

Instructions 

To disable cross-site scripting, do the following.

  1. Go to C:\Nintex\IDP\Aerobase\Data\nginx\conf.d
  2. Open nginx-security-hardening.import using a text editor
  3. write below line:

add_header "X-Frame-Options" "ALLOW-FROM <FQDN>";

  1. Save and close the file
  2. Restart RPA services
  3. Check below components are working and one should be able to login:
    Aerobase
    Admin
    Studio
    Robot
  4. In case if customer asks to disable lower TLS protocol e.g. (tls 1.0/ tls1.1) then kindly update the following two files:
    Remove tlsv1 and tlsv1.1 from files aerobase-http.conf and aerobase-subdomains.conf
     


 

 

 

Translate
Did this topic help you find an answer to your question?

0 replies

Be the first to reply!

Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie Settings