Advent of Code is back! Unwrap daily challenges to sharpen your Alteryx skills and earn badges along the way! Learn more now.
Free Trial

Alteryx Server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.

Alteryx Server Security Vulnerabilties

Rajan
5 - Atom

Hi All,

 

Is there a config file for Alteryx Server that could be modified to resolve the below security defects - 

Also any documentation that can help us guide the changes for server environment - 

For eg: - 

Overly Permissive CORS Access Policy

SSL / TLS is not implemented

Missing X-XSS-Protection header

Missing X-Content-Type-Options header

 

 

1 REPLY 1
KevinP
Alteryx Alumni (Retired)

@Rajan Thank you for posting your concerns. Please note that Alteryx Server has supported SSL/TLS since at least version 10.0 and added support for TLS1.2 to both Server and Designer with version 11.5. This just needs to be properly configured and enabled. Please see the Configuring Alteryx Server for SSL: Obtaining and Installing Certificates article and the online Server help (https://help.alteryx.com/20193/server/configure/enable-gallery-ssl) for details.

 

Regarding your concerns on the additional headers you should note that the X-XSS-Protection header is not supported in most modern browsers (Firefox and Edge) and is in the process of being deprecated by Chrome (Chrome actually removed this with the release of version 78 today). As such you shouldn't utilize this header as most browsers will ignore it anyway.

 

If you do have a need to set a custom header or a specific header value there is an option/section in the alteryx.config file to add custom headers to the Gallery web service. This config file can be found in your installation path (typically: C:\Program Files\Alteryx\bin\config\alteryx.config). Inside the file is a <httpHeaders> section with a commented example header. You can add any headers with values meeting your requirements to this section of the config file. The entries should follow the provided example. Also please keep in mind that this configuration file may be overwritten with the default values on upgrade or reinstall. As such if you change this configuration you should backup the file and restore it post upgrade to ensure these settings changes are maintained.