Set Http Headers in Jetty 9.2.11 and Jetty 9.4.6
Set HTTP Headers in Jetty 9.2.11
Perform the below steps in the Jetty 9.2.11 Server
1. Open {Jetty-Home}/start.ini
2. Add below text in start.ini
--module=rewrite
3. Open {Jetty-Home}/etc/jetty-rewrite.xml
Search the following tag
<Set name="originalPathAttribute"> <Property name="rewrite.originalPathAttribute" default="requestedPath" /> </Set>
And add below this tag the following XML
<Set name="rules">
<Array type="org.eclipse.jetty.rewrite.handler.Rule">
<Item>
<New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<Set name="pattern">*</Set>
<Set name="name">X-XSS-Protection</Set>
<Set name="value">1; mode=block</Set>
</New>
</Item>
<Item>
<New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<Set name="pattern">*</Set>
<Set name="name">X-Content-Type-Options</Set>
<Set name="value">nosniff</Set>
</New>
</Item>
<Item>
<New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<Set name="pattern">*</Set>
<Set name="name">Content-Security-Policy</Set>
<Set name="value">script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src
'self' 'unsafe-inline'</Set>
</New>
</Item>
<Item>
<New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<Set name="pattern">*</Set>
<Set name="name">X-Frame-Options</Set>
<Set name="value">SAMEORIGIN</Set>
</New>
</Item>
<Item>
<New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<Set name="pattern">*</Set>
<Set name="name">Strict-Transport-Security</Set>
<Set name="value">max-age=31536000;includeSubDomains</Set>
</New>
</Item>
<Item>
<New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<Set name="pattern">*</Set>
<Set name="name">Public-Key-Pins</Set>
<Set name="value">pin-sha256="base64+primary==";pin-
sha256="base64+backup==";max-age=5184000;includeSubDomains</Set>
</New>
</Item>
</Array>
</Set>
4. Restart Jetty Server.
Perform the below steps in the Jetty 9.4.6 Server
1. Open {Jetty-Home}/start.ini
2. Add below test in start.ini
--module=rewrite
3. Open {Jetty-Home}/etc/jetty.xml
Add below XML
<New id="RewriteHandler" class="org.eclipse.jetty.rewrite.handler.RewriteHandler"> <Set name="rules"> <Array type="org.eclipse.jetty.rewrite.handler.Rule"> <Item> <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> <Set name="pattern">*</Set> <Set name="name">X-XSS-Protection</Set> <Set name="value">1; mode=block</Set> </New> </Item> <Item> <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> <Set name="pattern">*</Set> <Set name="name">X-Content-Type-Options</Set> <Set name="value">nosniff</Set> </New> </Item> <Item> <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> <Set name="pattern">*</Set> <Set name="name">Content-Security-Policy</Set> <Set name="value">script-src 'self' 'unsafe-inline' 'unsafe-eval'; style- src 'self' 'unsafe-inline'</Set> </New> </Item> <Item> <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> <Set name="pattern">*</Set> <Set name="name">X-Frame-Options</Set> <Set name="value">SAMEORIGIN</Set> </New> </Item> <Item> <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> <Set name="pattern">*</Set> <Set name="name">Strict-Transport-Security</Set> <Set name="value">max-age=31536000; includeSubDomains</Set> </New> </Item> <Item> <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> <Set name="pattern">*</Set> <Set name="name">Public-Key-Pins</Set> <Set name="value">pin-sha256="base64+primary==";pin- sha256="base64+backup=="; max-age=5184000; includeSubDomains</Set> </New> </Item> </Array> </Set> </New>
Add the highlighted XML tag
<Set name="handler"> <New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection"> <Set name="handlers"> <Array type="org.eclipse.jetty.server.Handler"> <Item> <New id="Contexts" class="org.eclipse.jetty.server.handler.
ContextHandlerCollection" />
</Item> <Item> <New id="DefaultHandler"
class="org.eclipse.jetty.server.handler.DefaultHandler" />
</Item> <Item> <Ref id="RewriteHandler" /> </Item> </Array> </Set> </New> </Set>
4. Restart the jetty server.
Set HTTP Headers in Jetty 9.4.6
Perform the below steps in the Jetty 9.4.6 Server
1. Open {Jetty-Home}/start.ini
2. Add below test in start.ini
--module=rewrite
3. Open {Jetty-Home}/etc/jetty.xml
Add below XML
<New id="RewriteHandler" class="org.eclipse.jetty.rewrite.handler.RewriteHandler"> <Set name="rules"> <Array type="org.eclipse.jetty.rewrite.handler.Rule"> <Item> <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> <Set name="pattern">*</Set> <Set name="name">X-XSS-Protection</Set> <Set name="value">1; mode=block</Set> </New> </Item> <Item> <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> <Set name="pattern">*</Set> <Set name="name">X-Content-Type-Options</Set> <Set name="value">nosniff</Set> </New> </Item> <Item> <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> <Set name="pattern">*</Set> <Set name="name">Content-Security-Policy</Set> <Set name="value">script-src 'self' 'unsafe-inline' 'unsafe-eval'; style- src 'self' 'unsafe-inline'</Set> </New> </Item> <Item> <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> <Set name="pattern">*</Set> <Set name="name">X-Frame-Options</Set> <Set name="value">SAMEORIGIN</Set> </New> </Item> <Item> <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> <Set name="pattern">*</Set> <Set name="name">Strict-Transport-Security</Set> <Set name="value">max-age=31536000; includeSubDomains</Set> </New> </Item> <Item> <New id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule"> <Set name="pattern">*</Set> <Set name="name">Public-Key-Pins</Set> <Set name="value">pin-sha256="base64+primary==";pin- sha256="base64+backup=="; max-age=5184000; includeSubDomains</Set> </New> </Item> </Array> </Set> </New>
Add the highlighted XML tag
<Set name="handler"> <New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection"> <Set name="handlers"> <Array type="org.eclipse.jetty.server.Handler"> <Item> <New id="Contexts" class="org.eclipse.jetty.server.handler.
ContextHandlerCollection" />
</Item> <Item> <New id="DefaultHandler"
class="org.eclipse.jetty.server.handler.DefaultHandler" />
</Item> <Item> <Ref id="RewriteHandler" /> </Item> </Array> </Set> </New> </Set>
4. Restart the jetty server.
Comments
Post a Comment