MicroStrategy ONE

Configure a Redirect URL Whitelist in MicroStrategy Web and Library

Starting in MicroStrategy 2021 Update 1, you can configure redirect URL whitelists in MicroStrategy Web and Library.

Whitelist URLs

The URL whitelist is enabled by default, but allows all domains and all protocols. The configuration must be adjusted to be more restrictive. Any changes require a restart of the web server (Tomcat) to be applied.

The following section is present in the web.xml file, which is located in the \WEB-INF\ folder of the exploded WAR file for MicroStrategy Web and Library and is used to configure the URL whitelist:

  <filter> 
    <filter-name>redirectResponseFilter</filter-name> 
    <filter-class>com.microstrategy.web.filter.RedirectResponseFilter</filter-class> 
    <init-param> 
      <param-name>allowedProtocols</param-name> 
      <param-value>*</param-value> 
    </init-param> 
    <init-param> 
      <param-name>domains</param-name> 
      <param-value>*</param-value> 
    </init-param> 
  </filter> 
  <filter-mapping> 
    <filter-name>redirectResponseFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
  </filter-mapping> 

Edit the Whitelist Contents

The whitelist has the following parameters that can be used to control it:

  • allowedProtocols

    Specifies the allowed protocols, such as http, https, ftp. By default, an asterisk (*) is present and all protocols are allowed. Removing the asterisk and populating the parameter restricts it to only the specified protocols. If there are no values present, all protocols are blocked.

  • domains

    Specifies the allowed domains, such as google.com. By default, an asterisk (*) is present and all domains are allowed. Removing the asterisk and populating the parameter restricts it to only the specified domains. If there are no values present, all domains are blocked.

After editing the URL whitelist, you must restart the application server.

See the following examples of whitelist configurations in web.xml:

Block All URLs

The file shown below contains no allowed protocols, and no allowed domains, so all URLs are blocked.

  <filter> 
    <filter-name>redirectResponseFilter</filter-name> 
    <filter-class>com.microstrategy.web.filter.RedirectResponseFilter</filter-class> 
    <init-param> 
      <param-name>allowedProtocols</param-name> 
      <param-value></param-value> 
    </init-param> 
    <init-param> 
      <param-name>domains</param-name> 
      <param-value></param-value> 
    </init-param> 
  </filter> 
  <filter-mapping> 
    <filter-name>redirectResponseFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
  </filter-mapping> 

Allow URLs Based on Sub-Domain

The file shown below allows all URLs that have domains within *.microstrategy.com with any protocol.

For example, the file below allows https://www.microstrategy.com/, http://try.microstrategy.com/, ftp://a.microstrategy.com/, and blocks http://try.microstrategy.top/ and https://try.microstrategy.cn/.

  <filter> 
    <filter-name>redirectResponseFilter</filter-name> 
    <filter-class>com.microstrategy.web.filter.RedirectResponseFilter</filter-class> 
    <init-param> 
      <param-name>allowedProtocols</param-name> 
      <param-value>*</param-value> 
    </init-param> 
    <init-param> 
      <param-name>domains</param-name> 
      <param-value>*.microstrategy.com</param-value> 
    </init-param> 
  </filter> 
  <filter-mapping> 
    <filter-name>redirectResponseFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
  </filter-mapping>

Allow All Domains with the HTTPS Protocol

The file shown below allows all URLs that use the https protocol.

For example, the file below allows https://www.microstrategy.com/ and blocks http://www.microstrategy.com/ and ftp://a.microstrategy.com/.

  <filter> 
    <filter-name>redirectResponseFilter</filter-name> 
    <filter-class>com.microstrategy.web.filter.RedirectResponseFilter</filter-class> 
    <init-param> 
      <param-name>allowedProtocols</param-name> 
      <param-value>https</param-value> 
    </init-param> 
    <init-param> 
      <param-name>domains</param-name> 
      <param-value>*</param-value> 
    </init-param> 
  </filter> 
  <filter-mapping> 
    <filter-name>redirectResponseFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
  </filter-mapping> 

Don't forget to restart your application to apply your changes.
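
To check that a deployed web.xml no longer carries the permissive defaults, the following added example (not MicroStrategy code) reads the redirectResponseFilter parameters and classifies each one according to the parameter descriptions above. The function name `audit_redirect_whitelist` and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FILTER_NAME = "redirectResponseFilter"  # filter name used in the page's web.xml
PARAMS = ("allowedProtocols", "domains")

def _local(tag):
    # Drop the XML namespace; a deployed web.xml usually declares one.
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_redirect_whitelist(web_xml_text):
    """Classify each parameter as 'wildcard' (allows everything), 'blocked'
    (empty), 'restricted' or 'missing'; 'mapped' = a filter-mapping exists."""
    result = {"allowedProtocols": "missing", "domains": "missing", "mapped": False}
    for elem in ET.fromstring(web_xml_text).iter():
        if _child_text(elem, "filter-name") != FILTER_NAME:
            continue
        if _local(elem.tag) == "filter-mapping":
            result["mapped"] = True
            continue
        for param in elem:
            name = _child_text(param, "param-name")
            if _local(param.tag) == "init-param" and name in PARAMS:
                value = _child_text(param, "param-value") or ""
                result[name] = ("wildcard" if value == "*"
                                else "restricted" if value else "blocked")
    return result

# Constructed sample (not a shipped file): https only, but any domain.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter>
    <filter-name>redirectResponseFilter</filter-name>
    <filter-class>com.microstrategy.web.filter.RedirectResponseFilter</filter-class>
    <init-param><param-name>allowedProtocols</param-name><param-value>https</param-value></init-param>
    <init-param><param-name>domains</param-name><param-value>*</param-value></init-param>
  </filter>
  <filter-mapping>
    <filter-name>redirectResponseFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""

if __name__ == "__main__":
    print(audit_redirect_whitelist(SAMPLE))
```

A result of "wildcard" for either parameter, or "mapped" set to False, means the whitelist is not yet restricting redirects in that dimension.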