
WorldServer - How to enable HTTP Strict Transport Security in WorldServer (with Tomcat 9)

000019175 |3/18/2024 10:14 AM
Scope/Environment
WorldServer
Question
How to enable HTTP Strict Transport Security in WorldServer (with Tomcat 9)?
 
Answer

To enable HSTS in Tomcat 9.0, follow the steps below:

1- Stop the Idiom Run service.
2- Take a backup of the configuration file <WS_install_dir>/tomcat/conf/web.xml
3- Open the <WS_install_dir>/tomcat/conf/web.xml file in a text editor.
4- Uncomment the httpHeaderSecurity filter definition. Here is what the commented-out httpHeaderSecurity filter definition looks like:
<!--
    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <async-supported>true</async-supported>
    </filter>
-->
 

5- After uncommenting it, modify the "httpHeaderSecurity" section so it looks like this:

<filter>
   <filter-name>httpHeaderSecurity</filter-name>
   <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
   <async-supported>true</async-supported>
   <init-param>
       <param-name>hstsEnabled</param-name>
       <param-value>true</param-value>
   </init-param>
   <init-param>
       <param-name>hstsMaxAgeSeconds</param-name>
       <param-value>31556927</param-value>
   </init-param>
   <init-param>
       <param-name>hstsIncludeSubDomains</param-name>
       <param-value>true</param-value>
   </init-param>
   <init-param>
       <param-name>antiClickJackingOption</param-name>
       <param-value>SAMEORIGIN</param-value>
   </init-param>
</filter>


6- Uncomment the below section:

<!--
    <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
-->
so it now looks like this:
    <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>


7- Save your changes, and start the Idiom/WorldServer service.

Note: the filter values above represent:

hstsEnabled (true): Adds the HTTP Strict Transport Security (HSTS) header to the response.
hstsMaxAgeSeconds (31556927): The max-age value, in seconds (one year), used in the HSTS header.
hstsIncludeSubDomains (true): Includes the includeSubDomains parameter in the HSTS header.
antiClickJackingOption (SAMEORIGIN): The value sent in the X-Frame-Options (anti-clickjacking) header. This is a separate response header from the HSTS header.
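
A common mistake in this procedure is to edit the filter but leave the filter-mapping from step 6 inside its comment, in which case the filter never runs. The following check is an added example, not RWS or Tomcat code: audit_web_xml is a hypothetical helper, the XML samples are constructed, and the parameter defaults are assumed from the Tomcat 9 filter documentation.

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"

def _txt(elem, tag):
    return (elem.findtext("{*}" + tag) or "").strip()  # {*} = any namespace

def audit_web_xml(xml_text):
    """Return (expected Strict-Transport-Security value or None, problems)."""
    root = ET.fromstring(xml_text)  # blocks inside <!-- --> are not parsed
    problems, name, params = [], None, {}
    for f in root.findall(".//{*}filter"):
        if _txt(f, "filter-class") == FILTER_CLASS:
            name = _txt(f, "filter-name")
            params = {_txt(p, "param-name"): _txt(p, "param-value")
                      for p in f.findall("{*}init-param")}
    if name is None:
        return None, ["filter definition missing or still commented out"]
    if not any(_txt(m, "filter-name") == name and _txt(m, "url-pattern") == "/*"
               for m in root.findall(".//{*}filter-mapping")):
        problems.append("no active filter-mapping for /* (step 6 not applied)")
    # Defaults below are assumed from the Tomcat 9 filter documentation.
    if params.get("hstsEnabled", "true").lower() != "true":
        problems.append("hstsEnabled is not true")
    max_age = params.get("hstsMaxAgeSeconds", "0")
    if not max_age.isdigit() or int(max_age) == 0:
        problems.append("hstsMaxAgeSeconds is unset, zero or not a number")
    if problems:
        return None, problems
    value = "max-age=" + max_age  # spacing may differ from Tomcat's own output
    if params.get("hstsIncludeSubDomains", "false").lower() == "true":
        value += ";includeSubDomains"
    return value, problems

# Constructed samples: the filter from step 5, with and without step 6 applied.
_FILTER = """<filter><filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param><param-name>hstsEnabled</param-name><param-value>true</param-value></init-param>
<init-param><param-name>hstsMaxAgeSeconds</param-name><param-value>31556927</param-value></init-param>
<init-param><param-name>hstsIncludeSubDomains</param-name><param-value>true</param-value></init-param>
</filter>"""
_MAPPING = """<filter-mapping><filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern></filter-mapping>"""
_DOC = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">%s%s</web-app>'
COMPLETE = _DOC % (_FILTER, _MAPPING)
STEP6_SKIPPED = _DOC % (_FILTER, "<!--" + _MAPPING + "-->")

if __name__ == "__main__":
    for label, doc in (("complete", COMPLETE), ("step 6 skipped", STEP6_SKIPPED)):
        print(label, audit_web_xml(doc))
```

To audit a real installation, pass the contents of <WS_install_dir>/tomcat/conf/web.xml to the function. Tomcat sets the HSTS header only on secure requests, so confirm the live result over HTTPS after the restart in step 7.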

Reference

Apache Tomcat 9 Configuration Reference: Container Provided Filters
Attachments
web.xml
