如何设置IBM HTTP Server的响应标头

Question

我想在我的应用程序Web服务器端设置响应标头，以使我的cookie“安全”和“安全”。

可以指导我如何实现这一目标。 如果我们进行这些更改，是否会对在HTTPS上运行的应用程序产生任何影响。

Answer 1

IHS（这是基于Apache）的httpd.conf

<Location /your-app> 
    SetHandler server-status 
    Order deny,allow 
    Allow from all 
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure 
</Location> 

其中/你 - 应用程序 - 您的应用程序

的背景根源是：

Servers > Server Types > WebSphere application servers > YOUR-APP > Web Container Settings > Web container: Custom Properties> New 
Name: com.ibm.ws.webcontainer.HTTPOnlyCookies; 
Value: JsessionID 

Servers > Server Types > WebSphere application servers > YOUR-APP > Session management > Enable Cookies link. Requires use of SSL protocol. 

可能有一些（取决于它是如何开发的）

例如：

# 
# Allow server status reports generated by mod_status, 
# with the URL of http://servername/server-status 
# Change the ".example.com" to match your domain to enable. 
# 
<IfModule mod_status.c> 
<Location /server-status> 
    SetHandler server-status 
    Order deny,allow 
    Deny from all 
# Add an "Allow from" directive to provide access to the server status page. 
# 
# Examples: 
# 
# 1. Allow any client with hostname *.example.com to view the page. 
# 
# Allow from .example.com 
# 
# 2. Allow the local machine to view the page using the loopback address. 
# 
# Allow from 127.0.0.1 
# 
# 3. Allow any machine on the local network to view the page. 
# 
# Allow from 192.168.1 
</Location> 
</IfModule> 

... 

##### NON-DEFAULT ##### 

<Location /xxx> 
    SetHandler server-status 
    Order deny,allow 
    Allow from all 
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure 
</Location> 

<VirtualHost *:80> 
</VirtualHost> 

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so 
Listen 443 
Listen 4469 

<VirtualHost *:443 *:4469> 
SSLEnable 
Keyfile /root/keys/web1-key-db.kdb 
SSLStashfile /root/keys/web1-key-db.sth 
</VirtualHost> 

#####/NON-DEFAULT ##### 

...