Knowledge Doc: [Software Security Center] How to enable HSTS (HTTP Strict Transport Security) in Tomcat


Summary
This article explains the steps to enable HSTS (HTTP Strict Transport Security) in Tomcat.

Products
Fortify Software Security Center

Environment
Software Security Center

Situation
HSTS (HTTP Strict Transport Security) is required.

Resolution
To enable HSTS in Tomcat, follow these steps:

  1. Open the <Tomcat>/conf/web.xml file in a text editor.
  2. Uncomment the httpHeaderSecurity <filter> definition and its <filter-mapping> section, then add the hstsMaxAgeSeconds init parameter (31536000 seconds, i.e. one year), as shown below.
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
      <param-name>hstsMaxAgeSeconds</param-name>
      <param-value>31536000</param-value>
    </init-param>
    <async-supported>true</async-supported>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

  3. Save the file.
  4. Restart Tomcat.
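To confirm the change took effect, the following added check (not part of this article or of Tomcat) parses the Strict-Transport-Security header from a response and flags the two common failure modes: no header at all, and max-age=0, which is what the filter sends when hstsMaxAgeSeconds is left unset. EXPECTED_MAX_AGE mirrors the value above and the responses in SAMPLE_HEADERS are constructed.

```python
"""Check the Strict-Transport-Security header Tomcat serves once the
httpHeaderSecurity filter above is active. Assumptions not taken from the
article: EXPECTED_MAX_AGE mirrors hstsMaxAgeSeconds above; SAMPLE_HEADERS
are constructed responses, not captured from a server."""

EXPECTED_MAX_AGE = 31536000  # hstsMaxAgeSeconds from the article
HSTS = "strict-transport-security"


def parse_hsts(value):
    """Parse an HSTS value into {directive: value}; names are
    case-insensitive (RFC 6797), max-age becomes an int, a malformed
    max-age is dropped, other directives map to True."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age":
            if arg.isdigit():
                directives[name] = int(arg)
        elif name:
            directives[name] = True
    return directives


def check_hsts(headers):
    """Return findings for one response's headers; [] means the header is OK."""
    # HTTP header names are case-insensitive, so match without regard to case
    value = next((v for k, v in headers.items() if k.lower() == HSTS), None)
    if value is None:
        return ["Strict-Transport-Security missing: filter not active, or Tomcat "
                "did not see the request as HTTPS (it only adds HSTS when it does)"]
    max_age = parse_hsts(value).get("max-age")
    if max_age is None:
        return [f"max-age missing or malformed in '{value}'"]
    if max_age == 0:
        # the filter emits max-age=0 when hstsMaxAgeSeconds is left unset
        return ["max-age=0: hstsMaxAgeSeconds not set, HSTS effectively off"]
    if max_age < EXPECTED_MAX_AGE:
        return [f"max-age {max_age} is below the expected {EXPECTED_MAX_AGE}"]
    return []


# Constructed sample responses, not captured from a real server
SAMPLE_HEADERS = {
    "configured": {"Strict-Transport-Security": "max-age=31536000"},
    "param_missing": {"strict-transport-security": "max-age=0"},
    "filter_off": {"Content-Type": "text/html"},
}
```

To run it against a live server, pass dict(resp.headers.items()) from urllib.request.urlopen on the HTTPS URL users actually use; Tomcat's filter adds the header only to requests it sees as secure, so behind a TLS-terminating proxy Tomcat must be told the request is secure (for example via its RemoteIpFilter).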

URL Name
KM000017386
