OHS HSTS – Add Strict-Transport-Security Header

A missing Strict-Transport-Security header opens the potential for a man-in-the-middle attack, where the redirect could be exploited to direct a user to a malicious site instead of the secure version of the original page.

This post covers adding the Strict-Transport-Security header to OHS.

Edit $INSTANCE_HOME/INSTANCE_NAME/config/OHS/INSTANCE_NAME/httpd.conf

Add the line below

Header set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

Restart OHS

Verify
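
One way to check the result after the restart, as an added example that is not part of the original post: the script below parses a response header block and reports problems with the HSTS policy. The one-year floor in MIN_MAX_AGE, the function names and the sample response are assumptions made for this example.

```python
import re

MIN_MAX_AGE = 31536000  # assumed policy floor: one year, in seconds

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value-or-None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:  # RFC 6797 allows empty directives, e.g. a trailing ';'
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        directives[name] = arg.strip().strip('"') if arg else None
    return directives

def check_response(scheme, raw_headers):
    """Return a list of findings for one response's header block."""
    values = [line.split(":", 1)[1].strip()
              for line in raw_headers.splitlines()
              if line.lower().startswith("strict-transport-security:")]
    if scheme != "https":
        # Browsers ignore HSTS received over plain HTTP.
        return ["HSTS sent over http is ignored by browsers"] if values else []
    if not values:
        return ["missing Strict-Transport-Security header"]
    findings = []
    if len(values) > 1:
        findings.append("multiple HSTS headers; only the first is processed")
    try:
        d = parse_hsts(values[0])
    except ValueError as exc:
        return findings + [str(exc)]
    max_age = d.get("max-age")
    if max_age is None or not re.fullmatch(r"\d+", max_age):
        findings.append("max-age missing or not an integer")
    elif int(max_age) < MIN_MAX_AGE:
        findings.append("max-age below %d seconds" % MIN_MAX_AGE)
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set")
    return findings

# Constructed sample, shaped like `curl -sI https://host/` output.
SAMPLE = ("HTTP/1.1 200 OK\r\n"
          "Content-Type: text/html\r\n"
          "Strict-Transport-Security: max-age=63072000; includeSubdomains;\r\n")
print(check_response("https", SAMPLE) or "HSTS policy OK")
```

Pass it the header block returned by the OHS HTTPS listener, together with the scheme the request used.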

To redirect visitors to HTTPS, you can also add the line below

Redirect permanent / https://example.com/


WebLogic Security Realm WLST import and export

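Export
# Source the domain environment so CLASSPATH is set in the current shell
. $DOMAIN_HOME/bin/setDomainEnv.sh
java weblogic.WLST
# The remaining lines are entered at the WLST prompt
from java.util import Properties
connect('weblogic','weblogic', 't3://adminhostname:7001')
domainRuntime()
cd('/DomainServices/DomainRuntimeService/DomainConfiguration/IDMDomain/SecurityConfiguration/IDMDomain/DefaultRealm/myrealm/AuthenticationProviders/DefaultAuthenticator')
# Export the DefaultAuthenticator data to an LDIF file
cmo.exportData('DefaultAtn','/u01/export/export.ldif', Properties())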

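Import
# Source the domain environment so CLASSPATH is set in the current shell
. $DOMAIN_HOME/bin/setDomainEnv.sh
java weblogic.WLST
# The remaining lines are entered at the WLST prompt
from java.util import Properties
connect('weblogic','weblogic', 't3://adminhostname:7001')
domainRuntime()
cd('/DomainServices/DomainRuntimeService/DomainConfiguration/IDMDomain/SecurityConfiguration/IDMDomain/DefaultRealm/myrealm/AuthenticationProviders/DefaultAuthenticator')
# Import the DefaultAuthenticator data from an LDIF file
cmo.importData('DefaultAtn','/u01/export/import.ldif', Properties())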