2015-10-29 23:03 GMT+03:00 Walsh, Joseph <jwa...@bnl.gov>:
> Konstantin.... good afternoon ..
>
> my servers are being scanned by a "security Center" by Tenable--
> complaining --server is not returning x-frame-option heading --
> I can confirm this with Mozilla firebug..
>
> within the tomcat\conf\web.xml file there is "built in filters"
>
> as I have configured below: (thinking maybe "syntax" is incorrect ? )
> I was hoping to see the response header change--and have the x-frame-option
> added to it ...
>
> thank you
> joe
> [Apache Tomcat newbie]....

1. Rules: http://tomcat.apache.org/lists.html#tomcat-users
-> 6. Don't top-post.

2. The conf/web.xml file provides default values for web.xml files of
web applications. It is much better to configure a filter in a
specific web application.

>     <filter>
>         <filter-name>httpHeaderSecurity</filter-name>
>
> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
>         <hstsEnabled>true</hstsEnabled>
>         <antiClickJackingEnabled>true</antiClickJackingEnabled>
>         <antiClickJackingOption>SAMEORIGIN</antiClickJackingEnabled>
>         <async-supported>true</async-supported>
>     </filter>

3. See Servlet Specification on how filters are configured.

A <filter> element by itself is useless, unless it is accompanied by
<filter-mapping> elements.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
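
A well-formed version of the configuration discussed in this thread, as an added example that is not part of the original messages. It assumes the filter is declared in the web application's own WEB-INF/web.xml, as point 2 recommends, and that it should apply to every URL of that application (the `/*` pattern is an assumption).

```xml
<!-- Added example: goes inside <web-app> in the application's WEB-INF/web.xml. -->
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>

    <!-- Filter settings are passed as <init-param> entries, not as
         child elements named after the setting. -->
    <init-param>
        <param-name>antiClickJackingEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <!-- Emits "X-Frame-Options: SAMEORIGIN" on responses. -->
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
    <init-param>
        <!-- The Strict-Transport-Security header is only added to
             responses for requests received over a secure connection. -->
        <param-name>hstsEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<!-- Without a mapping the filter is never invoked, so no header is added. -->
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>  <!-- assumption: protect all URLs -->
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
```

After the application is redeployed, the response headers seen in the browser's network panel should include `X-Frame-Options: SAMEORIGIN`, which is the header the scanner reported as missing.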