2.10 Adding HTTP Strict Transport Security

  1. Change to the Tomcat configuration directory:

    Linux: /opt/novell/nam/adminconsole/conf

    Windows Server 2012: \Program Files (x86)\Novell\Tomcat\conf

  2. Open the web.xml file and add httpHeaderSecurity filter definition.

    <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
</filter>

  3. Add an appropriate maximum age value:

    <init-param>
    <param-name>hstsMaxAgeSeconds</param-name>
    <param-value>31536000</param-value>
</init-param>

  4. Add the filter mapping.

    <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

For more information, see Section 7.4, Adding HTTP Strict Transport Security.