Re: security headers

2017-11-04 Thread Christopher Schultz
org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> >>>> true >>>> >>>> >>>> httpHeaderSecurity >>>> /* >>>> >>>> to enable some security headers, but it won't enable

Re: security headers

2017-11-03 Thread Alejandro Vargas M.
httpHeaderSecurity org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> true httpHeaderSecurity /* to enable some security headers, but it won't enable Content Security Policy header. Is there any way to enable Content Security Policy at top server level??? What were

Re: security headers

2017-11-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 11/2/17 9:35 AM, André Warnier (tomcat) wrote: > You seem to be responding on the wrong thread, but here are some > answers anyway (will save Christopher some typing) (I was trying not to pollute this hijacked thread.) > When tomcat

RE: security headers

2017-11-02 Thread Cheltenham, Chris
: Thursday, November 2, 2017 9:36 AM To: users@tomcat.apache.org Subject: Re: security headers You seem to be responding on the wrong thread, but here are some answers anyway (will save Christopher some typing) On 02.11.2017 13:55, Cheltenham, Chris wrote: > Mr. Schultz, > > I really apprec

Re: security headers

2017-11-02 Thread tomcat
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, November 1, 2017 4:04 PM To: users@tomcat.apache.org Subject: Re: security headers -BEGIN PGP SIGN

Re: security headers

2017-11-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 11/2/17 8:55 AM, Cheltenham, Chris wrote: > Mr. Schultz, > > I really appreciate your detailed answers. Helps me out a lot. > > I am now thinking big picture because my application does not > require APR. Wrong thread? - -chris

RE: security headers

2017-11-02 Thread Cheltenham, Chris
To: users@tomcat.apache.org Subject: Re: security headers -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Alejandro, On 11/1/17 3:37 PM, Alejandro Vargas M. wrote: > Hello, > > I recently used on web.xml > > httpHeaderSecurity > org.apache.catalina.filters.HttpHeaderSecuri

Re: security headers

2017-11-01 Thread Christopher Schultz
ity > /* > > to enable some security headers, but it won't enable Content > Security Policy header. Is there any way to enable Content Security > Policy at top server level??? What were you expecting that Filter to generate for you? A header which disables everything? Not terrib

security headers

2017-11-01 Thread Alejandro Vargas M.
Hello, I recently used on web.xml httpHeaderSecurity org.apache.catalina.filters.HttpHeaderSecurityFilter true httpHeaderSecurity /* to enable some security headers, but it won't enable Content Security Policy header. Is there anyway

Re: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-09-07 Thread Mark H. Wood
On Thu, Sep 07, 2017 at 04:07:25PM +0530, Mohammad Nayeem wrote: > We have installed apache and configured mod_jk connector along with a > load-balancer for 2 tomcat servers. > > We were able to successfully start apache and we got the login page of our > application hosted on it, but the

RE: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-09-07 Thread Mohammad Nayeem
the exact same functionality that we had without apache in the front? Regards, Mohammad Nayeem -Original Message- From: Olaf Kock [mailto:tom...@olafkock.de] Sent: 31 May 2017 16:38 To: Tomcat Users List <users@tomcat.apache.org> Subject: [External] Re: Security Headers Implementation in

RE: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-09-07 Thread Mohammad Nayeem
Hi Chris, We currently have 7.0.42 version which does not support security headers, so we have taken jar files from 7.0.63 and replaced with those in 7.0.42 library folder. We were able to successfully start our tomcat instance and we got the login page of our application hosted

Re: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-06-08 Thread kmaxwilliams43
Ghgfhch Dygugjfbjg Sent from my BlackBerry 10 smartphone. Original Message From: Christopher Schultz Sent: Thursday, 8 June 2017 18:43 To: users@tomcat.apache.org Reply to: Tomcat Users List Subject: Re: [External] Re: Security Headers Implementation in Tomcat 6.x version -BEGIN PGP SIGNED

Re: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-06-08 Thread Christopher Schultz
way. - -chris > -Original Message- From: Olaf Kock > [mailto:tom...@olafkock.de] Sent: 31 May 2017 16:38 To: Tomcat > Users List <users@tomcat.apache.org> Subject: [External] Re: > Security Headers Implementation in Tomcat 6.x version > > Am 29.05.2017 um 13:34

RE: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-06-07 Thread Shaik, Mohammad N.
mcat Users List <users@tomcat.apache.org> Subject: [External] Re: Security Headers Implementation in Tomcat 6.x version On 29.05.2017 at 13:34, Shaik, Mohammad N. wrote: > Hello Olaf, > > Thanks for your response! > > Based on your inputs, we are thinking to put Apache http

Re: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-06-02 Thread Olaf Kock
On 02.06.2017 at 07:43, Shaik, Mohammad N. wrote: > Hi Chris, > > My actual requirement was to implement 7 HTTP headers, out of > which 4 are implemented in "HttpHeaderSecurityFilter". The remaining 3 headers (Content-Security-Policy, Public-Key-Pins, X-Robots-Tag) are not addressed in any of

RE: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-06-01 Thread Shaik, Mohammad N.
& 9 versions. Is there any way that we implement these 3 headers in Tomcat? Regards, Mohammad -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 01 June 2017 19:59 To: users@tomcat.apache.org Subject: Re: [External] Re: Security Headers Implementation

Re: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-06-01 Thread Christopher Schultz
emember: Upgrade ASAP. - -chris > -Original Message- From: Christopher Schultz > [mailto:ch...@christopherschultz.net] Sent: 31 May 2017 23:52 To: > users@tomcat.apache.org Subject: [External] Re: Security Headers > Implementation in Tomcat 6.x version > > Mohammad, >

RE: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-05-31 Thread Shaik, Mohammad N.
2017 23:52 To: users@tomcat.apache.org Subject: [External] Re: Security Headers Implementation in Tomcat 6.x version -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mohammad, On 5/31/17 6:37 AM, Shaik, Mohammad N. wrote: > Can I simply use the JAR files from Tomcat 7 that contains executable >

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-31 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mohammad, On 5/31/17 6:37 AM, Shaik, Mohammad N. wrote: > Can I simply use the JAR files from Tomcat 7 that contains > executable code of filter classes (security headers), and put them > into corresponding location in Tomcat 6? Definit

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-31 Thread Olaf Kock
On 29.05.2017 at 13:34, Shaik, Mohammad N. wrote: > Hello Olaf, > > Thanks for your response! > > Based on your inputs, we are thinking to put Apache httpd in front of Tomcat > 6 server, since our header configuration is going to be static. > > Can you please help us in identifying which version

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-31 Thread Violeta Georgieva
Hi, 2017-05-31 13:37 GMT+03:00 Shaik, Mohammad N. < mohammad.n.sh...@accenture.com>: > > Hi Chris, > > Can I simply use the JAR files from Tomcat 7 that contains executable code of filter classes (security headers), and put them into corresponding location in Tomcat 6? I w

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-31 Thread Violeta Georgieva
istopher Schultz [mailto:ch...@christopherschultz.net] > Sent: 30 May 2017 21:06 > To: users@tomcat.apache.org > Subject: Re: Security Headers Implementation in Tomcat 6.x version > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Mohammad, > > On 5/30/17 2:

RE: Security Headers Implementation in Tomcat 6.x version

2017-05-31 Thread Shaik, Mohammad N.
Hi Chris, Can I simply use the JAR files from Tomcat 7 that contains executable code of filter classes (security headers), and put them into corresponding location in Tomcat 6? Regards, Mohammad -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent

RE: Security Headers Implementation in Tomcat 6.x version

2017-05-31 Thread Shaik, Mohammad N.
folder or under "WEB-INF" folder of my application? Regards, Mohammad -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 30 May 2017 21:06 To: users@tomcat.apache.org Subject: Re: Security Headers Implementation in Tomcat 6.x versio

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-30 Thread Christopher Schultz
opher Schultz > [mailto:ch...@christopherschultz.net] Sent: 29 May 2017 20:57 To: > users@tomcat.apache.org Subject: Re: Security Headers > Implementation in Tomcat 6.x version > > Mohammad, > > On 5/29/17 7:34 AM, Shaik, Mohammad N. wrote: >> Based on your inputs, we are think

RE: Security Headers Implementation in Tomcat 6.x version

2017-05-30 Thread Shaik, Mohammad N.
share the location of the source package in Tomcat 6 so that we can replace it with the one from Tomcat 7? Regards, Mohammad -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 29 May 2017 20:57 To: users@tomcat.apache.org Subject: Re: Security Headers

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-29 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mohammad, On 5/29/17 7:34 AM, Shaik, Mohammad N. wrote: > Based on your inputs, we are thinking to put Apache httpd in front > of Tomcat 6 server, since our header configuration is going to be > static. This might not be a bad idea for a number

RE: Security Headers Implementation in Tomcat 6.x version

2017-05-29 Thread Shaik, Mohammad N.
, it will be great if you can share some guidelines on how to implement Apache in front of Tomcat. Regards, Mohammad Nayeem -Original Message- From: Olaf Kock [mailto:tom...@olafkock.de] Sent: 29 May 2017 13:53 To: users@tomcat.apache.org Subject: Re: Security Headers Implementation

Re: Security Headers Implementation in Tomcat 6.x version

2017-05-29 Thread Olaf Kock
On 29.05.2017 at 07:59, Shaik, Mohammad N. wrote: > We are using Tomcat 6.x version and we need to implement the following > headers in our environment. > > Headers: > 1) Strict-Transport-Security > 2) Content-Security-Policy > > 7) X-Robots-Tag > > When I checked the Tomcat 6 version

Re: How to implement Security Headers in Tomcat 6

2017-05-29 Thread manjesh
If the technology is java/j2ee then you can implement some sort of servlet filter where you can manipulate the HTTP response to add these headers for each outgoing response. I believe other platforms like .Net should also support a similar feature to customize the request and response objects.

How to implement Security Headers in Tomcat 6

2017-05-29 Thread Shaik, Mohammad N.
Hello, Can someone please let me know if the following headers are compatible with Tomcat 6.x version? If yes, then how do we enable them? Headers: 1) Strict-Transport-Security 2) Content-Security-Policy 3) Public-Key-Pins 4) X-Frame-Options 5) X-XSS-Protection 6) X-Content-Type-Options 7)

Security Headers Implementation in Tomcat 6.x version

2017-05-28 Thread Shaik, Mohammad N.
Hello, We are using Tomcat 6.x version and we need to implement the following headers in our environment. Headers: 1) Strict-Transport-Security 2) Content-Security-Policy 3) Public-Key-Pins 4) X-Frame-Options 5) X-XSS-Protection 6) X-Content-Type-Options 7) X-Robots-Tag When I checked the