Sorry for the typo in my earlier email, I was talking about ExpiresFilter only.

So how do I add this filter and filter mapping? Do I need to add
both in the existing <filter-name>httpHeaderSecurity</filter-name>?


<filter>
    <filter-name>ExpiresFilter</filter-name>
    <filter-class>org.apache.catalina.filters.ExpiresFilter</filter-class>
    <init-param>
        <param-name>ExpiresByType image</param-name>
        <param-value>access plus 10 days</param-value>
    </init-param>
    <init-param>
        <param-name>ExpiresByType text/css</param-name>
        <param-value>access plus 10 hours</param-value>
    </init-param>
    <init-param>
        <param-name>ExpiresByType application/javascript</param-name>
        <param-value>access plus 10 minutes</param-value>
    </init-param>
    <!-- Let everything else expire immediately -->
    <init-param>
        <param-name>ExpiresDefault</param-name>
        <param-value>access plus 0 seconds</param-value>
    </init-param>
</filter>


On Wed, Feb 27, 2019 at 1:59 PM logo <l...@kreuser.name> wrote:

> Hello Nitin,
>
> On 27.02.2019 08:52, Nitin Kadam wrote:
> > Hello,
> >
> >
> >
> > How can I change “Cache-Control: private” to “Cache-Control: nostore”?
> >
> > I searched and found that I need to add express filters in web config but
> > not sure on where to add in filters.
> >
> > Can you please guide me on the same?
> >
>
> As far as I can tell, that header is already set by your application -
> Tomcat will not set it by default. Not to "private" for sure.
> So it may be necessary to change that in your config, maybe even code.
>
> Usually you would have to implement a CacheControl filter like the one
> mentioned here at stackoverflow
> https://stackoverflow.com/questions/2876250/tomcat-cache-control
>
> I don't know if the new ExpiresFilter will let you set the
> Cache-Control-Header to that necessary value (other than max-age=0).
>
> From my experience and the long history of many different browsers using
> different headers, the one header will maybe solve a vulnscan issue but
> not the compatibility with "all" browsers.
>
> Peter
>
>
> >
> > On Wed, Feb 20, 2019 at 3:28 AM Peter@Kreuser-Online <l...@kreuser.name> wrote:
> >
> >> Hi Nitin,
> >>
> >> Per se this can be done by enabling the
> >> org.apache.catalina.filters.HttpHeaderSecurityFilter
> >> in the global or your webapp's web.xml.
> >>
> >> For CSP you should write your own Filter.
> >>
> >> Beware though that Content Security Policy is nothing that can be enabled
> >> without application know-how, the right settings for your needs and
> >> intensive testing. You may really break inline JavaScript in your pages
> >> (CSS too).
> >>
> >> Please check out the great websites of Scott Helme on the Headers
> >> https://Securityheaders.io or
> >> https://scotthelme.co.uk/csp-cheat-sheet/
> >>
> >>
> >> Peter
> >>
> >> > On 19.02.2019 at 19:13, Nitin Kadam <nitinkadam1...@gmail.com> wrote:
> >> >
> >> > Hello Team
> >> >
> >> > Need help to enable the below security headers in Apache Tomcat 7.0.79.
> >> > Operating system is Windows 2012 R2.
> >> >
> >> > 1. Content security headers
> >> > 2. HSTS header
> >> >
> >> > Regards
> >> > Nitin
> >>
>

-- 
Regards
Nitin Kadam
(9967688959)
