Enabling security policy for reports
In the Web Report component, you can use a new option named "EnableCSPHeader" to improve the custom report security.
If this option is set to "1", it will prevent external content to be loaded on the page.
A fresh installation of BigFix Version 11 sets the "EnableCSPHeader" option to "1" by default. When you upgrade to Version 11 Patch 1, if the option was not previously added, it is set to 0 by default.
You can enable it by performing the following steps:
On Windows systems:
- Stop the BES Web Report Server service.
- Run Regedit.
- Add the option
in the Windows registry under:EnableCSPHeader = 1
HKLM\SOFTWARE\Wow6432Node\BigFix\Enterprise Server\BESReports
- Restart the BES Web Report Server service.
On Linux systems:
- Stop the service by running the command
service beswebreports stop
. - Open the /var/opt/BESWebReportsServer/beswebreports.config file.
- Add the
EnableCSPHeader
option in the [Software\BigFix\Enterprise Server\BESReports] section as follows:EnableCSPHeader = 1
- Restart the service by running the command service beswebreports start.