[英]How do I set the charset portion of the Content-Type HTTP Header on an IBM HTTPD Server?
[英]how can I set the response header for IBM HTTP Server
我想在我的应用程序Web服务器端设置响应头,以使cookie成为“ httponly”和“ secure”。
可以指导我如何实现这一目标。 如果我们进行了这些更改,将会对运行在HTTPS上的应用程序产生任何影响。
IHS(基于Apache)httpd.conf
<Location /your-app>
SetHandler server-status
Order deny,allow
Allow from all
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
</Location>
/ your-app-应用的上下文根
WAS:
Servers > Server Types > WebSphere application servers > YOUR-APP > Web Container Settings > Web container: Custom Properties> New
Name: com.ibm.ws.webcontainer.HTTPOnlyCookies;
Value: JsessionID
Servers > Server Types > WebSphere application servers > YOUR-APP > Session management > Enable Cookies link. Requires use of SSL protocol.
您的应用程序中可能存在一些问题(取决于开发方式)
例:
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.
#
<IfModule mod_status.c>
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
# Add an "Allow from" directive to provide access to the server status page.
#
# Examples:
#
# 1. Allow any client with hostname *.example.com to view the page.
#
# Allow from .example.com
#
# 2. Allow the local machine to view the page using the loopback address.
#
# Allow from 127.0.0.1
#
# 3. Allow any machine on the local network to view the page.
#
# Allow from 192.168.1
</Location>
</IfModule>
...
##### NON-DEFAULT #####
<Location /xxx>
SetHandler server-status
Order deny,allow
Allow from all
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
</Location>
<VirtualHost *:80>
</VirtualHost>
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
Listen 4469
<VirtualHost *:443 *:4469>
SSLEnable
Keyfile /root/keys/web1-key-db.kdb
SSLStashfile /root/keys/web1-key-db.sth
</VirtualHost>
#####/NON-DEFAULT #####
...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.