Delivered-To: mailing list users@tomcat.apache.org
From: "Cheltenham, Chris"
To: "Tomcat Users List"
References: <89de0a95-f7ff-cbc3-6e65-aca3b25ade9e@kymsolutions.com>
Subject: RE: security headers
Date: Thu, 2 Nov 2017 08:55:49 -0400 (EDT)
Message-ID: <002c01d353d9$e8978890$b9c699b0$@philasd.org>
Mr. Schultz,

I really appreciate your detailed answers. Helps me out a lot.

I am now thinking big picture because my application does not require APR.

May I ask this, what exactly does APR give me for apache-tomcat?

I am thinking to scrap the whole APR install.

The reason I am trying to install it is because of my anal need to have
clean logs.
I can't stand any messages suggesting or recommending that I do this or
that.
I have always tried to accommodate those recommendations.

However, in this case it may be the best to ignore the catalina log message
saying that I should install APR.

===========================

Thank You;

Chris Cheltenham
Technology Services
The School District of Philadelphia

Work # 215-400-5025
Cell # 215-301-6571

-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Wednesday, November 1, 2017 4:04 PM
To: users@tomcat.apache.org
Subject: Re: security headers

Alejandro,

On 11/1/17 3:37 PM, Alejandro Vargas M. wrote:
> Hello,
>
> I recently used on web.xml
>
>     <filter>
>         <filter-name>httpHeaderSecurity</filter-name>
>         <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
>         <async-supported>true</async-supported>
>     </filter>
>     <filter-mapping>
>         <filter-name>httpHeaderSecurity</filter-name>
>         <url-pattern>/*</url-pattern>
>     </filter-mapping>
>
> to enable some security headers, but it won't enable Content Security
> Policy header. Is there anyway to enable Content Security Policy at
> top server level???

What were you expecting that Filter to generate for you? A header which
disables everything? Not terribly useful.

My recommendation would be to use something like url-rewrite[1] to add
headers to every outgoing response.
url-rewrite has very similar capabilities to httpd's mod_headers (and
much more, of course).

-chris

[1] http://tuckey.org/urlrewrite/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
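As an added illustration of the url-rewrite approach Chris recommends above (this is not part of the thread and not the project's own sample configuration), here is a minimal WEB-INF/urlrewrite.xml that stamps a Content-Security-Policy header on every outgoing response, which HttpHeaderSecurityFilter does not do. The policy value and the /csp-report path are constructed examples; the filter itself is assumed to be declared in web.xml with filter-class org.tuckey.web.filters.urlrewrite.UrlRewriteFilter and mapped to /*.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN"
    "http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd">
<!-- Added example: WEB-INF/urlrewrite.xml for UrlRewriteFilter 4.x.
     Header values below are constructed starting points, not a policy
     recommended for any particular application. -->
<urlrewrite>

    <!-- Rule 1: enforce a CSP on every response.
         A rule with <set> elements and no <to> leaves the request
         itself untouched; only the response header is added, so the
         effect is comparable to httpd's "Header set" in mod_headers. -->
    <rule>
        <note>Content-Security-Policy on all responses</note>
        <from>^.*$</from>
        <set type="response-header" name="Content-Security-Policy">default-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self'</set>
    </rule>

    <!-- Rule 2: a report-only variant for rolling out a stricter policy.
         Browsers log violations and POST them to the report-uri instead
         of blocking, so the stricter policy can be tested before it is
         moved into the enforced header above.
         /csp-report is a constructed endpoint path. -->
    <rule>
        <note>Trial policy, report only</note>
        <from>^.*$</from>
        <set type="response-header" name="Content-Security-Policy-Report-Only">default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; report-uri /csp-report</set>
    </rule>

</urlrewrite>
```

The same `set type="response-header"` mechanism can carry any other header the application needs, so the Tomcat filter and url-rewrite can coexist: one for the headers the filter already understands, the other for CSP.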