Am 29.05.2017 um 07:59 schrieb Shaik, Mohammad N.: > We are using Tomcat 6.x version and we need to implement the following > headers in our environment. > > Headers: > 1) Strict-Transport-Security > 2) Content-Security-Policy > .... > 7) X-Robots-Tag > > When I checked the Tomcat 6 version webpage > (https://tomcat.apache.org/tomcat-6.0-doc/config/filter.html), I don't see > any filters that implement any these headers. Some of them are available in > Tomcat 7 version webpage > (https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html), but we cannot > upgrade to Tomcat 7.x version due to some constraints. > > Can you kindly guide me how to implement these headers in Tomcat 6.x version. > All your comments on this topic are welcome. As tomcat 6 is solid out of service for almost half a year already (see http://tomcat.apache.org/tomcat-60-eol.html), you're between a rock and a hard place: Invest in a platform that's a potential security threat (it won't get any more updates) or invest in an upgrade.
That out of the way, for most cases, just have an Apache httpd in front of tomcat and use its magic to tag most of your headers. For many it will be static configuration. If there's anything dynamic that you need, implement a servlet filter that just does the job. Hardcode it - you don't need a lot of configuration if you come up with a solution that's just used within your premises. If you have multiple web applications that all need the same filter, deploy the filter on all of them. Olaf --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
