Configure HTTP Strict Transport Security (HSTS) in Applicare
Configure HSTS
HTTP Strict Transport Security (HSTS) is a web security policy mechanism, which helps protect web application users against some passive (eavesdropping) and active network attacks.
Step 1: Stop Applicare Controller.
Step 2: Edit the <Applicare_Controller_Home>/server/conf/web.xml file and do the below changes.
- Uncomment the contents inside the "HTTP Strict Transport Security (HSTS) start" and "HTTP Strict Transport Security (HSTS) end"
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<init-param>
<param-name>hstsIncludeSubDomains</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
Step 3: Save the file.
Step 4: Start Applicare controller.
Please sign in to leave a comment.
Comments
0 comments