HSTS Configuration for AutoSys Webserver

Article ID: 216470

Products

Autosys Workload Automation

Issue/Introduction

How do you configure the HSTS security header for the AutoSys web server running on port 9443?

Environment

AutoSys releases 24.0.1 and below only.

AutoSys 24.1.x and above use Tomcat 11, where the filter described in this document is no longer valid.

Resolution

HSTS can be enabled for the AutoSys web server through a filter defined in a configuration file.

  • Back up $AUTOUSER/webserver/conf/web.xml and then edit the original file

  • Find the snippet:

<!--
    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <async-supported>true</async-supported>
    </filter>
-->

  • Add the following immediately above or after that commented snippet (do not uncomment the original):

<filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <async-supported>true</async-supported>
  <init-param>
    <param-name>antiClickJackingEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>hstsEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>hstsMaxAgeSeconds</param-name>
    <param-value>31536000</param-value>
  </init-param>
  <init-param>
    <param-name>hstsIncludeSubDomains</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>hstsPreload</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>xssProtectionEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>blockContentTypeSniffingEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>

  • Find and uncomment the snippet:

<!--
    <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
-->

(Remove the comment markers, <!-- and -->, around the snippet.)

  • Save the file

  • Restart the service waae_webserver.$AUTOSERV
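
A pre-restart check of the edited web.xml, as an added example that is not part of the original article or the vendor's tooling: it confirms there is exactly one active httpHeaderSecurity filter and an uncommented filter-mapping, then derives the Strict-Transport-Security value the Tomcat filter should send. The sample document, its xmlns value and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
NAME = "httpHeaderSecurity"
# Constructed sample: filter added as in the steps above, mapping still commented out.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param><param-name>hstsEnabled</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>hstsMaxAgeSeconds</param-name><param-value>31536000</param-value></init-param>
    <init-param><param-name>hstsIncludeSubDomains</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>hstsPreload</param-name><param-value>true</param-value></init-param>
  </filter>
  <!-- <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping> -->
</web-app>"""

def kids(elem, name):
    """Direct children by local tag name, ignoring the web.xml namespace."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def val(elem, name):
    found = kids(elem, name)
    return (found[0].text or "").strip() if found else ""

def check_web_xml(xml_text):
    """Return (problems, expected Strict-Transport-Security value or None)."""
    root = ET.fromstring(xml_text)  # the parser drops commented-out snippets
    filters = [f for f in kids(root, "filter") if val(f, "filter-name") == NAME]
    mapped = [m for m in kids(root, "filter-mapping") if val(m, "filter-name") == NAME]
    if len(filters) != 1:  # 2 means the original was uncommented as well
        return [f"expected 1 active {NAME} filter, found {len(filters)}"], None
    problems = [] if mapped else ["filter-mapping missing or still commented out"]
    p = {val(i, "param-name"): val(i, "param-value").lower() for i in kids(filters[0], "init-param")}
    if p.get("hstsEnabled", "true") != "true":
        problems.append("hstsEnabled is not true")
    age = p.get("hstsMaxAgeSeconds", "0")
    if not age.isdigit() or int(age) == 0:  # max-age=0 tells browsers to drop HSTS
        problems.append("hstsMaxAgeSeconds must be a positive integer")
    header = "max-age=" + age
    if p.get("hstsIncludeSubDomains") == "true":
        header += ";includeSubDomains"
    if p.get("hstsPreload") == "true":
        header += ";preload"
    return problems, (None if problems else header)

if __name__ == "__main__":
    print(check_web_xml(SAMPLE))
```

To check the real file, pass the contents of $AUTOUSER/webserver/conf/web.xml to check_web_xml. Tomcat's filter sends the HSTS header only on secure (HTTPS) requests, so verify the live response over the HTTPS port after the restart.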

Additional Information

Undo the changes above before upgrading to AutoSys 24.1.x releases, or perform the change documented here after upgrading to 24.1.x.