Hello Chris, Thanks for the valuable input, that helps!! We shall go with getting the source package of Tomcat 7, put them in Tomcat 6 and use the filters of Tomcat 7 in Tomcat 6.
Can you please let me know from where I can get/download the source package of Tomcat 7? Also can you please share the location of the source package in Tomcat 6 so that we can replace it with the one from Tomcat 7? Regards, Mohammad -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 29 May 2017 20:57 To: users@tomcat.apache.org Subject: Re: Security Headers Implementation in Tomcat 6.x version -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mohammad, On 5/29/17 7:34 AM, Shaik, Mohammad N. wrote: > Based on your inputs, we are thinking to put Apache httpd in front of > Tomcat 6 server, since our header configuration is going to be static. This might not be a bad idea for a number of reasons, but it is by no means required. You can download the Tomcat 7 source package and use the security filters from Tomcat 7[1] in Tomcat 6: there is nothing in there that actually requires Tomcat 7 to run. > Can you please help us in identifying which version of Apache HTTP > Server we can use for Tomcat 6 version? Also, it will be great if you > can share some guidelines on how to implement Apache in front of > Tomcat. All supported versions of Apache web server work with app supported versions of Tomcat (as well as Tomcat 6). You have several choices for how to connect them together, but the most straightforward is to use mod_proxy_http from httpd to Tomcat. Tomcat behaves exactly as it did before and requires no additional configuration unless you are moving TLS termination from Tomcat to httpd. If that's the case, there are many guides on the web as well as on Tomcat's Presentations Page[2] that document how to do that. Hope that helps, - -chris [1] http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html [2] http://tomcat.apache.org/presentations.html -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZLD3hAAoJEBzwKT+lPKRYPh0P/RiGWVDs8c/PsFdC8VmU8fBB V+EqkBd3SMeMK9l/2NtHW+MK/5BkkB5/2ebZiivCBYVTkUi4jaqnBvy981EJFcFb vxovSsFhkhAPnr2DtZcg98wkTJ5dwT7ze50Cx/VBeXVlZD8n/nh+Msv5a1Fab0qI dTzTGUwAguFwVZHkZX16LefqHvbvC6R5lJDCkqdtWx51KbDB4fY2TdVhzGK1vCEk Vgrg4uEhjrkS/d6YgU4VWY8gHF2202DbmGPyZjIlh8l3R9bFWUE5NEg0AokOAAxR AySanDW0J1QNKjm11KQuwynDVTqLGu9u9JBxKYsqsZsjjzSIpHFzVislI/lIbKBi RKb1m+Hsfm0LkmDX+9N47EKXG5B6HOenUjWnjy2BCBnkINPXSbGOPXrG4028hSmo NlPWGZTFSJnlcE4mLTxHZBQjPwgg2pmn/Ck4LsP9PFJITC3/2jtCpnwCv29pcxx8 ILG8On65M9uA2AdnhGucNvSpV5nsfPujhBQtB44A9Xd9V3ssdqn+hSgorZ4aMY7U XPGyiUV985D+9XKkaHY0gBWjLdEBRZisWV1k66QjAWXC3ekdxGQzyV47RehwRueQ 6Zcc5MuH1F/3okJpXlxSwnpwfLyfZZPjZrhVoyKMxAWj2ozkIqPcfcSw8cYxN5hr Fx+sOmqCwHww762nVlnZ =03C1 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
