Enable HSTS Tomcat

Ken_Edgar
New Contributor II

Has anyone who is running on-prem Jamf been able to successfully configure and run with HSTS enabled?  If so, I'd love to see your configuration. The following will now load any sub-pages such as inventory or policies.

 

<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <!-- one param-name/param-value pair per init-param -->
  <init-param>
    <param-name>hstsIncludeSubDomains</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>hstsMaxAgeSeconds</param-name>
    <param-value>31536000</param-value>
  </init-param>
  <async-supported>true</async-supported>
</filter>
<filter-mapping>
  <filter-name>httpHeaderSecurity</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>

1 REPLY

RachelGomez1619
New Contributor III

Steps to enable HSTS in Tomcat
Open the <Tomcat>/conf/web.xml file in a text editor.
Uncomment the httpHeaderSecurity filter definition and the <filter-mapping> section, and then add the hstsMaxAgeSeconds parameter, as shown below.
Save the file.
Restart Tomcat.

Regards,

Rachel Gomez
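
An added example, not part of either post and not Jamf or Tomcat code: a small Python check that can be run against a web.xml before restarting Tomcat. It flags an init-param that holds more than one name/value pair, a missing or zero hstsMaxAgeSeconds, and a filter with no filter-mapping. The names audit_hsts, MERGED and SPLIT are hypothetical, the two sample documents are constructed, and the max-age default of 0 is taken from the Tomcat filter documentation.

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"

def kids(elem, name):
    # Match on the local tag name so a namespaced web.xml works too.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def text(elem, name):
    found = kids(elem, name)
    return (found[0].text or "").strip() if found else ""

def audit_hsts(web_xml):
    """Return (params, findings) for the HSTS filter in a web.xml string."""
    root = ET.fromstring(web_xml)
    params, findings = {}, []
    filters = [f for f in kids(root, "filter") if text(f, "filter-class") == FILTER_CLASS]
    if not filters:
        return params, ["HttpHeaderSecurityFilter is not defined or still commented out"]
    for ip in kids(filters[0], "init-param"):
        names, values = kids(ip, "param-name"), kids(ip, "param-value")
        if len(names) != 1 or len(values) != 1:
            findings.append("init-param with %d names and %d values; use one pair per init-param"
                            % (len(names), len(values)))
        else:
            params[(names[0].text or "").strip()] = (values[0].text or "").strip()
    # Assumption: without hstsMaxAgeSeconds the filter's max-age defaults to 0.
    max_age = params.get("hstsMaxAgeSeconds", "0")
    if not max_age.isdigit() or int(max_age) == 0:
        findings.append("hstsMaxAgeSeconds missing or 0 in the parsed parameters")
    name = text(filters[0], "filter-name")
    if not any(text(m, "filter-name") == name for m in kids(root, "filter-mapping")):
        findings.append("no filter-mapping for %r" % name)
    return params, findings

# Constructed samples: two pairs merged into one init-param, then one pair each.
PAIRS = ("<param-name>hstsIncludeSubDomains</param-name><param-value>true</param-value>",
         "<param-name>hstsMaxAgeSeconds</param-name><param-value>31536000</param-value>")
TEMPLATE = ("<web-app><filter><filter-name>httpHeaderSecurity</filter-name>"
            "<filter-class>" + FILTER_CLASS + "</filter-class>%s</filter>"
            "<filter-mapping><filter-name>httpHeaderSecurity</filter-name>"
            "<url-pattern>/*</url-pattern></filter-mapping></web-app>")
MERGED = TEMPLATE % ("<init-param>" + "".join(PAIRS) + "</init-param>")
SPLIT = TEMPLATE % "".join("<init-param>%s</init-param>" % p for p in PAIRS)

if __name__ == "__main__":
    for label, doc in (("merged", MERGED), ("split", SPLIT)):
        print(label, audit_hsts(doc))
```

The filter only adds the header to secure (HTTPS) responses, so after the restart also confirm that Strict-Transport-Security appears in a response fetched over HTTPS.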