Greetings!

I run a public-facing Mid Tier.  I've been tasked with implementing HSTS on
the web servers.  I'm running Mid Tier 8.1, using IIS and Tomcat on Windows
2008 Server.

I came across this at BMC Communities:
"Currently, the Tomcat HSTS security filter is not compatible with
Mid-Tier. Given that this is a standard feature which relates to the
security of the application\environment it would be a good thing to have
compatibility." (link <https://communities.bmc.com/ideas/14278>)

I haven't hung around Communities much, but evidently this is an "Idea"
(i.e. an enhancement request) and, as such, is subject to a vote.  BMC
Support confirmed that:

   1. yes, it's subject to a vote;
   2. Mid Tier is indeed incompatible with the Tomcat HSTS filter;
   3. furthermore, it isn't compatible with _any_ HSTS filter.


I can only see the demand for HSTS-compatibility increasing, and I wonder
if or how others are dealing with this (beyond obtaining a waiver for HSTS
non-compliance)?

And I'm not sure I can/should use this venue for such a request, but is
anyone else willing to click on that Communities link and vote this one up
the flagpole?

Bright Moments,

Joe Castleman

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"
