


That's what I've done and 2 of our 3 servers have passed the audit check. The third one looks like it needs some SSL/TLS tweaking (to match our other SSL-enabled server).

The line I've added to the config files is:

Header always Set X-Content-Type-Options nosniff

I tried it without the 'always' but it failed the audit scan.

Thanks!
TomH
________________________________
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> on behalf of Hiebert, Chris <chris.hiebert@xxxxxxxxxxxxxx>
Sent: Wednesday, November 30, 2022 4:36 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: How do I set a couple of HTTP headers?

I tested this on V7R3.

Using the Web Admin UI.
Go into the server you want to update.

Under "Server Properties"
Select "HTTP Responses".
Select "Response Headers"

In the Response Headers Section click "Add".

I added the header name "X-Content-Type-Options" with the value "nosniff", left the condition as always and selected "continue".

This is what got added to the httpd.conf file:

Header always Set X-Content-Type-Options nosniff

The other option for the "Condition" was "Successful responses" and choosing that adds this to the httpd.conf file:

Header onsuccess Set X-Content-Type-Options nosniff


I manually set this value in the httpd.conf file and it appears to follow the "always" configuration:

Header Set X-Content-Type-Options nosniff


After saving and restarting the apache instance, I found that the Response Headers contained
X-Content-Type-Options: nosniff

I see the value in the Response Headers in both chrome and firefox.

You do not need to run a LoadModule, the directive is available by default.


If you still don't see it, then I'd suggest adding the header through the Web Admin UI and see if IBM adds something new to the config file.

--
Chris Hiebert
Senior Programmer/Analyst
Disclaimer: Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.

From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Tom Hightower
Sent: Tuesday, November 29, 2022 5:27 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: How do I set a couple of HTTP headers?


Ok, so I've added these 2 lines to the top of my Apache config file:



LoadModule headers_module modules/mod_headers.so

Header set X-Content-Type-Options nosniff



And tried to restart the server. The server doesn't seem to like that first line and won't restart until I remove it. It takes the 2nd line, but I can't see that it's doing anything - I'm not seeing the 'nosniff' listed in the Headers when I look at our pages in Chrome Developer mode.



We're running 7.4...



Thanks

TomH
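
Added example, not part of the original thread and not IBM's or Apache's code: a small Python check that reads httpd.conf text and reports, for each Header directive that sets a given response header, which condition table it targets and whether that covers error responses. It assumes the Apache mod_headers documentation's rule that an omitted condition means onsuccess and that only the always table is applied to error responses; the function names and the sample config are constructed for illustration, and line continuations and container sections are not handled.

```python
# Actions that place a value on the response (per the mod_headers documentation).
SETTING_ACTIONS = {"set", "add", "append", "merge", "setifempty"}
CONDITIONS = {"always", "onsuccess"}

# Constructed sample config containing the three forms quoted in the thread.
SAMPLE_CONF = """\
# constructed sample, not a real server config
Header always Set X-Content-Type-Options nosniff
Header onsuccess Set X-Content-Type-Options nosniff
Header Set X-Content-Type-Options nosniff
Header unset X-Powered-By
"""


def audit_header(conf_text, header_name):
    """Return (line_no, condition, covers_errors) per directive setting header_name."""
    findings = []
    wanted = header_name.rstrip(":").lower()
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.strip().split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0].lower() != "header":
            continue
        args = tokens[1:]
        # Optional first argument picks the header table; assumed default: onsuccess.
        condition = "onsuccess"
        if args and args[0].lower() in CONDITIONS:
            condition = args.pop(0).lower()
        # Need at least an action and a header name; skip unset/echo/edit/note.
        if len(args) < 2 or args[0].lower() not in SETTING_ACTIONS:
            continue
        # Header names are case-insensitive and may carry a trailing colon.
        if args[1].strip('"').rstrip(":").lower() != wanted:
            continue
        findings.append((line_no, condition, condition == "always"))
    return findings


def covered_on_errors(conf_text, header_name):
    """True if at least one directive puts the header in the 'always' table."""
    return any(covers for _, _, covers in audit_header(conf_text, header_name))


if __name__ == "__main__":
    for line_no, condition, covers in audit_header(SAMPLE_CONF, "X-Content-Type-Options"):
        status = "sent on error responses too" if covers else "successful responses only"
        print(f"line {line_no}: condition={condition}: {status}")
```

A scanner that requests a missing page or triggers a redirect will only see the header when `covered_on_errors` is true for the server's config.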



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
