Adding Headers to DTP tomcat

David ChaconDavid Chacon Posts: 6 admin
edited January 9 in DTP

*This is custom work and is to be done at the users discretion. Incorrect implementation may prevent DTP from starting. BEFORE any manipulation to the web.xml, MAKE A COPY and store as a back up*

The following will walk through an example on how to add a few Security headers to your DTP tomcat web.xml:

First let us look at the response headers for a default DTP

Note there are no options. So now we will add some.

I. To start you want to locate the tomcat web.xml, this will be located in the following, {DTP_INSTALL_DIR}/dtp/tomcat/conf/
Here is housed the desired web.xml

II. Open the web.xml, locate and uncomment the following:

III. Below the uncommented section add the following:

IV. Save the web.xml and restart dtp services (using dtpconsole.sh if on Linux)

Stop and start the services.

V. Once restart, you can go to your DTP, and should see the responses; X-Frame-Options, X-XSS-Protection, and X-Content-Type-Options.

To get the exact response above an extra option will have to be added to the uncommented filter in step (II). Exact web.xml snip can be seen below

If you go back to your DTP and see the below message, simply press back and log back into DTP.

NOTE: It is important to remember that this is a normal tomcat and can be manipulated as such, addition of filters and options will follow tomcat convention.

Sign In or Register to comment.