Share via

Microsoft Power BI report Server - Setup response headers

Abdul Jaleel Abdulla Nalupurappattil 6 Reputation points
2021-01-05T13:46:21.097+00:00

During the security scanning for Microsoft power bi server, one of our client has identified few response headers and other defects.
As we have seen that the report server doesn't have an option to set up the web server and response header configurations, could you please assist us in setting up the response headers for the BI Server.

below are the reported defects.

  • Cross site scripting (content-sniffing)
    Affected Item (/reports/api/v2.0/SystemResources)
  • Slow HTTP Denial of Service Attack
    Your web server is vulnerable to Slow HTTP DoS (Denial of Service) attacks.
  • Cookies with missing, inconsistent or contradictory properties
    Affected Item (/RPA/Cookie_Validator.js)
  • HTTP Strict Transport Security (HSTS) not implemented
  • Content Security Policy (CSP) not implemented / Insecure Referrer Policy

For majority of the defects, we cannot apply the fixes as the web server property is not found or urlrewrite cannot be found as part of the report server.

Please advise

Thank You,
Abdul Jaleel

SQL Server Reporting Services
SQL Server Reporting Services
A SQL Server technology that supports the creation, management, and delivery of both traditional, paper-oriented reports and interactive, web-based reports.
3,061 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. ZoeHui-MSFT 41,491 Reputation points
    2021-01-06T06:23:01.07+00:00

    Hi @Abdul Jaleel Abdulla Nalupurappattil ,

    For the web server property you may use SSMS to see if it could meet your needs.

    Run SSMS--connect to reporting services---choose PBIRS.

    After connecting you may right click the properties---advance.

    Using that page you may view or modify report server system properties.

    Hope it will be a little helpful to you.

    Seems your needs is more related with develop, not really familiar with it.

    Find some links for your reference:

    https://forums.iis.net/t/1236549.aspx

    https://community.powerbi.com/t5/Report-Server/Power-BI-Report-Server-HTTP-gt-HTTPS-URL-Redirect-Problem/td-p/642891

    Regards,
    Zoe

    If the answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    What can I do if my transaction log is full?--- Hot issues November

    How to convert Profiler trace into a SQL Server table -- Hot issues November

    1 person found this answer helpful.
    0 comments
  2. Vaibhav Chaudhari 38,916 Reputation points Volunteer Moderator
    2021-01-05T14:11:42.273+00:00

    Hi Abdul,

    Power BI related questions are currently not supported on this forum. It's better to reach out to dedicated forum over here:

    https://powerusers.microsoft.com/t5/Microsoft-Power-Automate/ct-p/MPACommunity

    Please don't forget to Accept Answer and Up-vote if the response helped -- Vaibhav

    0 comments
  3. cyy 21 Reputation points
    2022-03-15T04:48:44.667+00:00

    This is the Power BI Report Server forum: https://community.powerbi.com/t5/Report-Server/bd-p/ReportServer

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.