Hello EveryOne,
As new bee of Apache. We have been using one of the old Apache TomCat on windows server
2008R2, IIS 7. After we purchased and installed the SSL certificate. We need to apply a
header directive in Apache "Strict-Transport-Security" so that our web site
would be secured as the Government required. My question is where can I insert this
line? In which and where's the files in Apache TomCat 5.5, JDK 8 updated 102. Is it in
the same server.xml file as we modified the connector for SSL.
Look forward to hearing from your supports.
Regards,
Mary Pham
Information Technology Specialist
National Institutes of Health Library
Division of Library Services
Office of Research Services
10 Center Drive, Room 1L07, MSC 1150
Bethesda, MD 20892-1150
T. 301.496.1506
maryp...@mail.nih.gov<mailto:maryp...@mail.nih.gov>
Hello Mary,
you are using a quite outdated tomcat. A quick googling brought me to
stackoverflow, which might solve the problem for your tomcat 5.5. the
easiest way possible is to add a filter to your webapp and apply the
HSTS header in the response. You can make use of the buildin HSTS
support, if its possible to upgrade your tomcat to a recent version.
Related SO-Question:
http://stackoverflow.com/questions/27541755/add-hsts-feature-to-tomcat
Best regards,
Daniel
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
