Enabling HTTP Strict Transport Security (HSTS)

Overview

To enable HTTP Strict Transport Security (HSTS):

    1. Stop Cascade CMS.
    2. Edit the file tomcat/conf/web.xml.
    3. Add the following just before the closing </web-app> tag: 

      <filter>
  <filter-name>httpHeaderSecurity</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <async-supported>true</async-supported>
  <init-param>
    <param-name>hstsEnabled</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>hstsMaxAgeSeconds</param-name>
    <param-value>31536000</param-value>
  </init-param>
  <init-param>
    <param-name>hstsIncludeSubDomains</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
      <filter-mapping>
  <filter-name>httpHeaderSecurity</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>
    4. Save the file
    5. Start Cascade CMS

See the official Apache Tomcat documentation for additional information. 

Tip: Be sure to document any changes you make to the web.xml file so that you can put them back in place after any future upgrades to the application.