Enable HTTP Strict Transport Security (HSTS) in Tomcat - ConnectALL.

Article ID: 400073

Updated On:

Products

ConnectAll On-Prem

Issue/Introduction

How to enable HTTP Strict Transport Security (HSTS) for ConnectAll.

Environment

ConnectAll 3.8.x

Resolution

To enable HSTS in ConnectAll, follow the steps below:

  • Stop the connectall-ui service.
  • Go to /opt/ConnectALL/UI/tomcat/conf.
  • Back up web.xml and server.xml.
  • Edit web.xml and enable the HSTS filter as follows:

<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
        <param-name>hstsEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
    </init-param>
    <init-param>
        <param-name>hstsIncludeSubDomains</param-name>
        <param-value>true</param-value>
    </init-param>
    <!-- Set to true to enable blocking of Content Type Sniffing -->
    <init-param>
        <param-name>blockContentTypeSniffingEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

  • Edit server.xml and add the HTTPS connector configuration that HSTS requires, as follows:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           keystoreFile="/opt/ConnectALL/UI/tomcat/conf/Keystore.jks"
           keystorePass="changeit"
/>

  • Start the Tomcat service and check the HSTS status with the following curl command:

 curl -s -I -L https://<ConnectAll Server IP or DNS>:8443/ConnectAll

  • The Strict-Transport-Security header appears in the output, confirming that HSTS is enabled.

  • ConnectAll is then accessed on port 8443 with valid certificates.
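As an added example (not part of this article and not ConnectALL's own tooling), the following POSIX shell script wraps the curl check above and verifies the header value rather than just eyeballing it: it takes the last Strict-Transport-Security header that `curl -s -I -L` prints (the final response after any redirect), then checks that max-age is at least the 31536000 seconds configured in web.xml and that includeSubDomains is present, matching hstsIncludeSubDomains=true. The sample response headers are constructed, not captured from a ConnectALL server, and the function names are my own.

```shell
#!/bin/sh
# Added example: validate the HSTS header a server returns.
# hsts_header, hsts_check and hsts_probe are hypothetical helper names.

# Read response headers on stdin and print the value of the last
# Strict-Transport-Security header (header names are case-insensitive;
# CR characters from real curl output are stripped first).
hsts_header() {
    tr -d '\r' | awk 'tolower($1) == "strict-transport-security:" {
                          sub(/^[^:]*:[ \t]*/, ""); v = $0
                      }
                      END { print v }'
}

# Check one header value. Returns 0 when max-age is present and at least
# $2 seconds (default 31536000, the value the article configures) and the
# includeSubDomains directive is present; returns 1 otherwise.
hsts_check() {
    value=$1
    min_age=${2:-31536000}
    # Directives are case-insensitive and separated by ';'.
    directives=$(printf '%s\n' "$value" | tr 'A-Z' 'a-z' | tr ';' '\n' \
                 | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    max_age=$(printf '%s\n' "$directives" \
              | sed -n 's/^max-age=\([0-9][0-9]*\)$/\1/p' | head -n 1)
    [ -n "$max_age" ] || return 1
    [ "$max_age" -ge "$min_age" ] || return 1
    printf '%s\n' "$directives" | grep -qx 'includesubdomains' || return 1
    return 0
}

# Run the article's curl command against a live URL and check the result.
hsts_probe() {
    hsts_check "$(curl -s -I -L "$1" | hsts_header)"
}

# Constructed sample of what `curl -s -I -L` prints when the first hop
# redirects to HTTPS; not captured from a real ConnectALL server.
SAMPLE_HEADERS='HTTP/1.1 302 Found
Location: https://connectall.example:8443/ConnectAll/

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Content-Type: text/html'

# Stand-alone run: check the constructed sample.
if hsts_check "$(printf '%s\n' "$SAMPLE_HEADERS" | hsts_header)"; then
    echo "HSTS OK"
else
    echo "HSTS missing or too weak"
fi
```

To check a real deployment, call `hsts_probe https://<ConnectAll Server IP or DNS>:8443/ConnectAll` after starting Tomcat; a non-zero exit means the header is absent, its max-age is below the configured year, or includeSubDomains is missing.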


Additional Information

  • Create Keystore.jks from a valid wildcard certificate.
  • Note that these changes are not persisted across upgrades: after every release upgrade, the configuration steps above must be performed again.