Enable HTTP Security headers for ActiveMQ (AMQ)

Product 360 uses Apache ActiveMQ for communication between serval modules. ActiveMQ brings an admin web interface running at port 8161 by default.

It is possible to enable additional HTTP Security headers for the responses.

With the following steps one or more headers can be added:

• Open file ...\MessageQueue\activemq\conf\jetty.xml

• Find the <bean> with id="rewriteHandler"

• Below this tag you find a list of header beans

• Add a new header bean to the list with the following values

  <bean id="header2" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
                    <property name="pattern" value="*"/>
                    <property name="name" value="X-XSS-Protection"/>
                    <property name="value" value="1; mode=block"/>
                  </bean>

  This sample enables the header X-XSS-Protection with value 1; mode=block.
  Adjust the name and value to your needing. The id value has to be adjusted to be unique fore each bean tag.

• Restart the ActiveMQ service