Difference between revisions of "Tomcat hardening"

From TempusServa wiki
Jump to navigation Jump to search
old>Admin
old>Admin
Line 2: Line 2:


=== Secure headers ===
=== Secure headers ===
in the SERVER web.xml (<tomcat>\conf\web.xml) add the following sections
In the SERVER web.xml (<tomcat>\conf\web.xml) add the following sections
 
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
  </filter>
 
  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>


=== CRSF filter ===
=== CRSF filter ===

Revision as of 09:20, 7 February 2018


Secure headers

In the SERVER web.xml (<tomcat>\conf\web.xml) add the following sections 

 <filter>
   <filter-name>httpHeaderSecurity</filter-name>
   <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
   <async-supported>true</async-supported>
 </filter>

 <filter-mapping>
   <filter-name>httpHeaderSecurity</filter-name>
   <url-pattern>/*</url-pattern>
 </filter-mapping>

CRSF filter

In the APPLICATION web.xml (<tomcat>\webapps\<app>\WEB_INF\web.xml) add the following sections 

 <filter>
   <filter-name>CsrfFilter</filter-name>
   <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class>
   <init-param>
     <param-name>entryPoints</param-name>
     <param-value>/login, /login.do</param-value>
   </init-param>
 </filter>

 <filter-mapping>
   <filter-name>CsrfFilter</filter-name>
   <url-pattern>/*</url-pattern>
 </filter-mapping>
Retrieved from "https://wiki.tempusserva.dk/index.php?title=Tomcat_hardening&oldid=4611"