Mr. Shultz, I really appreciate your detailed answers. Helps me out a lot.
I am now thinking big picture because my application does not require APR. May I ask this , what exactly does APR give me for apache-tomcat? I am thinking to scrap the whole APR install. The reason I am trying to install it is because of my anal need to have clean logs. I can’t stand any messages suggesting or recommending that I do this or that. I have always tried to accommodate those recommendations. However, in this case it may be the best to ignore the catalane log message saying that I should install APR. =========================== Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, November 1, 2017 4:04 PM To: users@tomcat.apache.org Subject: Re: security headers -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Alejandro, On 11/1/17 3:37 PM, Alejandro Vargas M. wrote: > Hello, > > I recently used on web.xml > > <filter> <filter-name>httpHeaderSecurity</filter-name> > <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</fi lter-class> > > <async-supported>true</async-supported> </filter> > > <filter-mapping> <filter-name>httpHeaderSecurity</filter-name> > <url-pattern>/*</url-pattern> </filter-mapping> > > to enable some security headers, but it won't enable Content Security > Policy header. Is there anyway to enable Content Security Policy at > top server level??? What were you expecting that Filter to generate for you? A header which disables everything? Not terribly useful. My recommendation would be to use something like url-rewrite[1] to add headers to every outgoing response. url-rewrite has very similar capabilities to httpd's mod_headers (and much more, of course). - -chris [1] http://tuckey.org/urlrewrite/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAln6KJkACgkQHPApP6U8 pFjuWRAAilRKahVEge71VBJrhragUyZuKR/uqEwfwpYj9Zq5DzI3I0JT6jwD8kwE //iuxBgDroVH/Xedn9oiMen9u1wSpf4p4fCQY0xcP99l6QnlgReimEM7Aoi24hTc WFgYlA2DVsKvmU0qjaI8HQoBrN+n8A+4Qhxu4fj5knNT1Sk1KppYDl/l6bkaI3Lc oPAvbYJbR2OV9SwCBoKFNjEPZwK9kTZhAr74gbErS/OZHcQAynZjHPcYl4+2K6Uj 98T3VKu6NIif5g3ry6TA9YYe5Dn3DyqBkY6wlAI91gRn7KjESDcJPcCiYglYDHqP 37ZdcP6LPmySFlBaug5E9811lyKIHnkpv/0OTaFM3AH0sulazBvLu38Ea5yeZQFC CofoYTMAY8KAlfwzKn+3RhTTQA8lmKHF/dVxQBRqP3vbN/+KU1KzqZmn2Q6KoYH+ Lf+gMJjeLE/0/8X9CnTaFPkmg7VbYgGmhGzgFkD85YTswT962L8M5evG1xdHaNiM ZZDEeYLWC/Cjdqvht3zQ0gvmI35pI1q2K/fnYb+mrV0eIi/rcosz99GQVpTTqS58 wCtIAKLChLuxuWoGp0+1+sI0ugwn9RmsIft34QBM1Us/FxGYc0Ou5VpBHE0JeYG8 G8RjZ+9eonM5ScwPrAZKZ7pd6qfCHY24/OvK6vT4HbRdqJbvWT8= =j1H+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
