Data Center Security Monitoring Edition, Data Center Security Server, Data Center Security Server Advanced
Issue/Introduction
How to enable HTTP Strict Transport Security (HSTS) for DCS over ports 443, 4443, and 8443
Note: Enabling HSTS is not required as DCS does not use HTTP for any listener. All connections require TLS.
Environment
DCS 6.9.x
Resolution
To enable HSTS in Tomcat, follow the steps below:
1. Stop the DCS Management server service and both UMC services.
2. Take a backup of the configuration file <server_install_dir>/tomcat/conf/web.xml.
3. Open the <server_install_dir>/tomcat/conf/web.xml file in a text editor such as Notepad++.
4. Search for the httpHeaderSecurity <filter> definition section and the <filter-mapping> section. (In total, you will need to uncomment ‘httpHeaderSecurity’ in 2 places in the file.)
   Filter definition section
   - Example: Default Values
   - New values after uncommenting
   Built In Filter Mappings section
   - Example: Default Values
   - New values after uncommenting
5. Save the file.
6. Start the DCS Management server service and then the two UMC services.
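
A quick way to confirm that both places were uncommented before restarting the services. This is an added example, not part of the original article or the product: the function names and the sample XML are constructed here, with the sample modeled on the httpHeaderSecurity blocks in stock Apache Tomcat's conf/web.xml.

```python
import sys
import xml.etree.ElementTree as ET

FILTER_NAME = "httpHeaderSecurity"

def local(tag):
    """Strip the XML namespace so the check works for any web-app schema version."""
    return tag.rsplit("}", 1)[-1]

def hsts_filter_status(web_xml):
    """Return (filter_defined, filter_mapped) for the httpHeaderSecurity filter.

    The parser drops XML comments, so a block that is still commented
    out is reported as absent.
    """
    root = ET.fromstring(web_xml)
    defined = mapped = False
    for el in root:
        names = [c.text.strip() for c in el
                 if local(c.tag) == "filter-name" and c.text]
        if FILTER_NAME not in names:
            continue
        if local(el.tag) == "filter":
            defined = True
        elif local(el.tag) == "filter-mapping":
            mapped = True
    return defined, mapped

# Constructed sample: the filter is uncommented, the mapping is still commented out.
SAMPLE_HALF_DONE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
  </filter>
<!--
  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
-->
</web-app>"""

# Constructed sample: both blocks uncommented.
SAMPLE_DONE = SAMPLE_HALF_DONE.replace("<!--", "").replace("-->", "")

if __name__ == "__main__":
    # Pass the path to web.xml, or run without arguments to check the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_HALF_DONE
    print("filter defined: %s, filter mapped: %s" % hsts_filter_status(data))
```

The check only covers whether both blocks are active. Tomcat's documented default for the filter's hstsMaxAgeSeconds parameter is 0, so after the restart also confirm the max-age value in the Strict-Transport-Security response header.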