Hi Daniel, A new bee has to learn on an outdated systems! We cann't up upgrade due to dependency of apps and forms, that's what I've learned. Thank you for the link. To be honest I do not know what to do yet. I've checked and seen several web.xml files, in different directories....Some I think is original, some had modified.
Regards, -Mary -----Original Message----- From: Daniel Küppers [mailto:dan...@tetralog.com] Sent: Wednesday, September 14, 2016 11:17 AM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Apache TomCat 5.5 > Hello EveryOne, > > As new bee of Apache. We have been using one of the old Apache TomCat on > windows server 2008R2, IIS 7. After we purchased and installed the SSL > certificate. We need to apply a header directive in Apache > "Strict-Transport-Security" so that our web site would be secured as the > Government required. My question is where can I insert this line? In which > and where's the files in Apache TomCat 5.5, JDK 8 updated 102. Is it in the > same server.xml file as we modified the connector for SSL. > Look forward to hearing from your supports. > > Regards, > > > Mary Pham > Information Technology Specialist > National Institutes of Health Library > Division of Library Services > Office of Research Services > 10 Center Drive, Room 1L07, MSC 1150 > Bethesda, MD 20892-1150 > T. 301.496.1506 > maryp...@mail.nih.gov<mailto:maryp...@mail.nih.gov> Hello Mary, you are using a quite outdated tomcat. A quick googling brought me to stackoverflow, which might solve the problem for your tomcat 5.5. the easiest way possible is to add a filter to your webapp and apply the HSTS header in the response. You can make use of the buildin HSTS support, if its possible to upgrade your tomcat to a recent version. Related SO-Question: http://stackoverflow.com/questions/27541755/add-hsts-feature-to-tomcat Best regards, Daniel --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org