如何设置IBM HTTP Server的响应标头

Question

我想在我的应用程序Web服务器端设置响应头，以使cookie成为“ httponly”和“ secure”。

可以指导我如何实现这一目标。 如果我们进行了这些更改，将会对运行在HTTPS上的应用程序产生任何影响。

Answer 1

IHS（基于Apache）httpd.conf

<Location /your-app>
    SetHandler server-status
    Order deny,allow
    Allow from all
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
</Location>

/ your-app-应用的上下文根

WAS：

Servers > Server Types > WebSphere application servers > YOUR-APP > Web Container Settings > Web container: Custom Properties> New
Name: com.ibm.ws.webcontainer.HTTPOnlyCookies; 
Value: JsessionID

Servers > Server Types > WebSphere application servers > YOUR-APP > Session management > Enable Cookies link. Requires use of SSL protocol.

您的应用程序中可能存在一些问题（取决于开发方式）

例：

#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Change the ".example.com" to match your domain to enable.
#
<IfModule mod_status.c>
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
# Add an "Allow from" directive to provide access to the server status page.
#
# Examples:
#
# 1. Allow any client with hostname *.example.com to view the page.
#
# Allow from .example.com
#
# 2. Allow the local machine to view the page using the loopback address.
#
# Allow from 127.0.0.1
#
# 3. Allow any machine on the local network to view the page.
#
# Allow from 192.168.1
</Location>
</IfModule>

...

##### NON-DEFAULT #####

<Location /xxx> 
   SetHandler server-status 
   Order deny,allow 
   Allow from all 
   Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure 
</Location> 

<VirtualHost *:80>
</VirtualHost>

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
Listen 4469

<VirtualHost *:443 *:4469>
SSLEnable
Keyfile /root/keys/web1-key-db.kdb
SSLStashfile /root/keys/web1-key-db.sth
</VirtualHost>

#####/NON-DEFAULT #####

...