Summary
This article explains the steps to enable HSTS (HTTP Strict Transport Security) in Tomcat.
Products
Fortify Software Security Center
Environment
Software Security Center
Situation
HSTS (HTTP Strict Transport Security) is required.
Resolution
To enable HSTS in Tomcat, follow these steps:
httpHeaderSecurity filter definition and the <filter-mapping> section, and then add the hstsMaxAgeSeconds parameter, as shown below.

<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <!-- HSTS max-age in seconds (31536000 = 365 days) -->
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
    </init-param>
    <async-supported>true</async-supported>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
Save the file.
Restart Tomcat.
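A way to confirm the edit before restarting, as an added example that is not part of the original article or of Fortify/Tomcat: the Python function below parses a deployment descriptor and reports whether the HttpHeaderSecurityFilter is really defined (not left inside an XML comment), has a positive hstsMaxAgeSeconds, and has a matching <filter-mapping>. The function name `audit_hsts` and the sample descriptors are constructed for illustration; pass it the text of the file you edited.

```python
import xml.etree.ElementTree as ET
FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"

def _local(tag):
    # Strip "{namespace}" so any deployment-descriptor schema version matches.
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_hsts(web_xml_text):
    """Return a list of findings; an empty list means HSTS is configured."""
    root = ET.fromstring(web_xml_text)  # commented-out XML yields no elements
    flt = next((e for e in root if _local(e.tag) == "filter"
                and _text(e, "filter-class") == FILTER_CLASS), None)
    if flt is None:
        return ["filter not defined (absent or still inside an XML comment)"]
    findings = []
    params = {_text(p, "param-name"): _text(p, "param-value")
              for p in flt if _local(p.tag) == "init-param"}
    try:
        positive = int(params.get("hstsMaxAgeSeconds")) > 0
    except (TypeError, ValueError):
        positive = False
    if not positive:  # max-age=0 tells browsers to drop the HSTS policy
        findings.append("hstsMaxAgeSeconds missing or not a positive integer")
    name = _text(flt, "filter-name")
    if not any(_local(e.tag) == "filter-mapping"
               and _text(e, "filter-name") == name for e in root):
        findings.append("no <filter-mapping> for filter '%s'" % name)
    return findings

# Constructed sample descriptors for illustration, not from a real install.
_FILTER = ("<filter><filter-name>httpHeaderSecurity</filter-name>"
           "<filter-class>" + FILTER_CLASS + "</filter-class>"
           "<init-param><param-name>hstsMaxAgeSeconds</param-name>"
           "<param-value>31536000</param-value></init-param></filter>")
_MAPPING = ("<filter-mapping><filter-name>httpHeaderSecurity</filter-name>"
            "<url-pattern>/*</url-pattern></filter-mapping>")
_WRAP = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">%s</web-app>'
GOOD = _WRAP % (_FILTER + _MAPPING)
COMMENTED = _WRAP % ("<!-- " + _FILTER + _MAPPING + " -->")
UNMAPPED = _WRAP % _FILTER
if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("commented", COMMENTED), ("unmapped", UNMAPPED)):
        print(label, audit_hsts(doc) or "OK")
```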
URL Name
KM000017386