> org.apache.catalina.filters.HttpHeaderSecurityFilter<
/fi
>
>>>>
lter-class>
>>>> true
>>>>
>>>>
>>>> httpHeaderSecurity
>>>> /*
>>>>
>>>> to enable some security headers, but it won'
httpHeaderSecurity
org.apache.catalina.filters.HttpHeaderSecurityFilter
lter-class>
true
httpHeaderSecurity
/*
to enable some security headers, but it won't enable Content
Security Policy header. Is there anyway to enable Content Security
Policy at top server level???
What
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
André,
On 11/2/17 9:35 AM, André Warnier (tomcat) wrote:
> You seem to be responding on the wrong thread, but here are some
> answers anyway (will save Christopher some typing)
(I was trying not to pollute this hijacked thread.)
> When tomcat sta
: Thursday, November 2, 2017 9:36 AM
To: users@tomcat.apache.org
Subject: Re: security headers
You seem to be responding on the wrong thread, but here are some answers
anyway (will save Christopher some typing)
On 02.11.2017 13:55, Cheltenham, Chris wrote:
> Mr. Shultz,
>
> I really apprec
nham
Technology Services
The School District of Philadelphia
Work # 215-400-5025
Cell # 215-301-6571
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, November 1, 2017 4:04 PM
To: users@tomcat.apache.org
Subject: Re: security headers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chris,
On 11/2/17 8:55 AM, Cheltenham, Chris wrote:
> Mr. Shultz,
>
> I really appreciate your detailed answers. Helps me out a lot.
>
> I am now thinking big picture because my application does not
> require APR.
Wrong thread?
- -chris
-BEG
: users@tomcat.apache.org
Subject: Re: security headers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Alejandro,
On 11/1/17 3:37 PM, Alejandro Vargas M. wrote:
> Hello,
>
> I recently used on web.xml
>
> httpHeaderSecurity
> org.apache.catalina.filters.HttpHeaderSecuri
ity
> /*
>
> to enable some security headers, but it won't enable Content
> Security Policy header. Is there anyway to enable Content Security
> Policy at top server level???
What were you expecting that Filter to generate for you? A header
which disables everything? Not t
Hello,
I recently used on web.xml
httpHeaderSecurity
org.apache.catalina.filters.HttpHeaderSecurityFilter
true
httpHeaderSecurity
/*
to enable some security headers, but it won't enable Content Security
Policy header. Is there a
On Thu, Sep 07, 2017 at 04:07:25PM +0530, Mohammad Nayeem wrote:
> We have installed apace and configured mod_jk connector along with a
> load-balancer for 2 tomcat servers.
>
> We were able to successfully start apache and we got the login page of our
> application hosted on it, but the functiona
e the exact same
functionality that we had without apache in the front?
Regards,
Mohammad Nayeem
-Original Message-
From: Olaf Kock [mailto:tom...@olafkock.de]
Sent: 31 May 2017 16:38
To: Tomcat Users List
Subject: [External] Re: Security Headers Implementation in Tomcat 6.x
version
Hi Chris,
We currently have 7.0.42 version which does not support security headers,
so we have taken jar files from 7.0.63 and replaced with the those in
7.0.42 library folder. We were able to successfully start our tomcat
instance and we got the login page of our application hosted on it, but
Ghgfhch
Dygugjfbjg
Envoyé de mon smartphone BlackBerry 10.
Message d'origine
De: Christopher Schultz
Envoyé: jeudi 8 juin 2017 18:43
À: users@tomcat.apache.org
Répondre à: Tomcat Users List
Objet: Re: [External] Re: Security Headers Implementation in Tomcat 6.x version
-BEGIN PGP S
tence that way.
- -chris
> -Original Message- From: Olaf Kock
> [mailto:tom...@olafkock.de] Sent: 31 May 2017 16:38 To: Tomcat
> Users List Subject: [External] Re:
> Security Headers Implementation in Tomcat 6.x version
>
> Am 29.05.2017 um 13:34 schrieb Shaik, Mohammad N
mcat Users List
Subject: [External] Re: Security Headers Implementation in Tomcat 6.x version
Am 29.05.2017 um 13:34 schrieb Shaik, Mohammad N.:
> Hello Olaf,
>
> Thanks for your response!
>
> Based on your inputs, we are thinking to put Apache httpd in front of Tomcat
> 6 se
Am 02.06.2017 um 07:43 schrieb Shaik, Mohammad N.:
> Hi Chris, > > My actual requirement was to implement 7 HTTP headers, out of
> which
4 are implemented in "HttpHeaderSecurityFilter". The remaining 3 headers
(Content-Security-Policy, Public-Key-Pins, X-Robots-Tag) are not
addressed in any of t
versions.
Is there any way that we implement these 3 headers in Tomcat?
Regards,
Mohammad
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: 01 June 2017 19:59
To: users@tomcat.apache.org
Subject: Re: [External] Re: Security Headers Implementation
e.
Remember: Upgrade ASAP.
- -chris
> -Original Message- From: Christopher Schultz
> [mailto:ch...@christopherschultz.net] Sent: 31 May 2017 23:52 To:
> users@tomcat.apache.org Subject: [External] Re: Security Headers
> Implementation in Tomcat 6.x version
>
> Mohammad,
&g
7 23:52
To: users@tomcat.apache.org
Subject: [External] Re: Security Headers Implementation in Tomcat 6.x version
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mohammad,
On 5/31/17 6:37 AM, Shaik, Mohammad N. wrote:
> Can I simply use the JAR files from Tomcat 7 that contains executable
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mohammad,
On 5/31/17 6:37 AM, Shaik, Mohammad N. wrote:
> Can I simply use the JAR files from Tomcat 7 that contains
> executable code of filter classes (security headers), and put them
> into corresponding location in Tomcat 6?
Definit
Am 29.05.2017 um 13:34 schrieb Shaik, Mohammad N.:
> Hello Olaf,
>
> Thanks for your response!
>
> Based on your inputs, we are thinking to put Apache httpd in front of Tomcat
> 6 server, since our header configuration is going to be static.
>
> Can you please help us in identifying which version
Hi,
2017-05-31 13:37 GMT+03:00 Shaik, Mohammad N. <
mohammad.n.sh...@accenture.com>:
>
> Hi Chris,
>
> Can I simply use the JAR files from Tomcat 7 that contains executable
code of filter classes (security headers), and put them into corresponding
location in Tomcat 6?
I would
istopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: 30 May 2017 21:06
> To: users@tomcat.apache.org
> Subject: Re: Security Headers Implementation in Tomcat 6.x version
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Mohammad,
>
> On 5/30/17 2:13
Hi Chris,
Can I simply use the JAR files from Tomcat 7 that contains executable code of
filter classes (security headers), and put them into corresponding location in
Tomcat 6?
Regards,
Mohammad
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent
folder or under "WEB-INF" folder of my application?
Regards,
Mohammad
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: 30 May 2017 21:06
To: users@tomcat.apache.org
Subject: Re: Security Headers Implementation in Tomcat 6.x versio
hristopher Schultz
> [mailto:ch...@christopherschultz.net] Sent: 29 May 2017 20:57 To:
> users@tomcat.apache.org Subject: Re: Security Headers
> Implementation in Tomcat 6.x version
>
> Mohammad,
>
> On 5/29/17 7:34 AM, Shaik, Mohammad N. wrote:
>> Based on your inputs, we are
share the location of the source package in
Tomcat 6 so that we can replace it with the one from Tomcat 7?
Regards,
Mohammad
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: 29 May 2017 20:57
To: users@tomcat.apache.org
Subject: Re: Security Headers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mohammad,
On 5/29/17 7:34 AM, Shaik, Mohammad N. wrote:
> Based on your inputs, we are thinking to put Apache httpd in front
> of Tomcat 6 server, since our header configuration is going to be
> static.
This might not be a bad idea for a number of
, it will be great if you can share some
guidelines on how to implement Apache in front of Tomcat.
Regards,
Mohammad Nayeem
-Original Message-
From: Olaf Kock [mailto:tom...@olafkock.de]
Sent: 29 May 2017 13:53
To: users@tomcat.apache.org
Subject: Re: Security Headers Implementation in
Am 29.05.2017 um 07:59 schrieb Shaik, Mohammad N.:
> We are using Tomcat 6.x version and we need to implement the following
> headers in our environment.
>
> Headers:
> 1) Strict-Transport-Security
> 2) Content-Security-Policy
>
> 7) X-Robots-Tag
>
> When I checked the Tomcat 6 version webpa
If the technology is java/j2ee then you can implements some sort of servlet
filter where you can manipulate the HTTP response to add these headers for
each outgoing response. I believe other platforms like .Net should also
support similar feature to customize the request and response objects.
O
Hello,
Can someone please let me know if the following headers are compatible with
Tomcat 6.x version? If yes, then how do we enable them?
Headers:
1) Strict-Transport-Security
2) Content-Security-Policy
3) Public-Key-Pins
4) X-Frame-Options
5) X-XSS-Protection
6) X-Content-Type-Options
7) X-Rob
Hello,
We are using Tomcat 6.x version and we need to implement the following headers
in our environment.
Headers:
1) Strict-Transport-Security
2) Content-Security-Policy
3) Public-Key-Pins
4) X-Frame-Options
5) X-XSS-Protection
6) X-Content-Type-Options
7) X-Robots-Tag
When I checked the Tomca
33 matches
Mail list logo
