Difference between revisions of "Tomcat hardening"
Jump to navigation
Jump to search
old>Admin |
old>Admin |
||
Line 2: | Line 2: | ||
=== Secure headers === | === Secure headers === | ||
in the | in the SERVER web.xml (<tomcat>\conf\web.xml) add the following sections | ||
=== CRSF filter === | === CRSF filter === |
Revision as of 09:16, 7 February 2018
Secure headers
in the SERVER web.xml (<tomcat>\conf\web.xml) add the following sections
CRSF filter
In the APPLICATION web.xml (<tomcat>\webapps\<app>\WEB_INF\web.xml) add the following sections
<filter> <filter-name>CsrfFilter</filter-name> <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class> <init-param> <param-name>entryPoints</param-name> <param-value>/login, /login.do</param-value> </init-param> </filter>
<filter-mapping> <filter-name>CsrfFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>