Steve

Reputation: 475

Does OC4J support HTTP Strict Transport Security?

I am trying to set our OC4J servers to use HTTP Strict Transport Security, but when I add the following to the Apache confs I get a start up error:

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

The error I get is:

/tmsv10s/app/astens/product/10.1.3/OracleAS_1/Apache/Apache/bin/apachectl startssl: execing httpd
Syntax error on line 1143 of /tmsv10s/app/astens/product/10.1.3/OracleAS_1/Apache/Apache/conf/httpd.conf:
Header takes two or three arguments, an action, header and value

I've tried in ssl.conf and httpd.conf.

Any ideas?

Cheers, Steve

Upvotes: 0

Views: 222

Answers (2)

symcbean

Reputation: 48357

OC4J is the Java container technology, nothing to do with the webserver. Oracle 10g uses Apache 1.3 (and IIRC, extended support is due to run out soon). You can verify this by running httpd -v from the command line or checking the start up messages in the error_log.

You need to remove the extra word "always":

Header set Strict-Transport-Security "max-age=63072000; includeSubDomains;"

Upvotes: 1

Steve

Reputation: 475

With the version of Apache which comes with OC4J, you need to use the following command:

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"

I added the command in the httpd.conf just before the virtual hosts and then restarted the server.

Upvotes: 0
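
A way to confirm, after the restart, that the header the answers above configure is actually sent and is one a browser will accept. This is an added example, not part of the original posts: it parses the value by the RFC 6797 rules, so the trailing semicolon in the first answer's value is accepted. The function names and the sample response are constructed for illustration.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns {"max_age": int, "include_subdomains": bool}. Raises ValueError
    for the cases in which a browser would ignore the whole header.
    """
    seen = {}
    # Plain split is enough here: neither defined directive can contain ';'.
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directive, e.g. a trailing ';'
            continue
        name, sep, arg = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]               # max-age may be a quoted-string
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen[name] = arg if sep else None
    if "max-age" not in seen:
        raise ValueError("max-age is required")
    if seen["max-age"] is None or not re.fullmatch(r"[0-9]+", seen["max-age"]):
        raise ValueError("max-age must be a non-negative integer")
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def hsts_from_response(raw_headers):
    """Return the parsed policy from a raw header block (for example the
    output of `curl -sI`), or None if the header is absent. Only the first
    Strict-Transport-Security header counts, as in a browser."""
    for line in raw_headers.splitlines()[1:]:   # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            return parse_hsts(value)
    return None

# Constructed sample response, not captured from a real server.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Type: text/html\r\n\r\n"
)

if __name__ == "__main__":
    print(hsts_from_response(SAMPLE_RESPONSE))
```

Browsers only honour this header on responses received over HTTPS, so feed the function the headers from an `https://` request.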
