Enable HTTP Strict Transport Security (HSTS) in Identity Management servers
Issue
- Security scanning discovers that ports 80, 443, 8080 and 8443 are active and respond to http(s) requests.
- Security team requests to enable the Strict-Transport-Security HTTP header in all running HTTP services.
Environment
- Red Hat Enterprise Linux (RHEL) 7
- Red Hat Enterprise Linux (RHEL) 8
- Red Hat Identity Management (IdM) / FreeIPA
- httpd
- pki-tomcat
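
The check behind the scan finding in the Issue section, as an added example that is not part of the Red Hat article: it grades the response headers of each of the four listeners, parsing Strict-Transport-Security as RFC 6797 defines it. Assumptions: 80 and 8080 are the plaintext listeners and 443 and 8443 the TLS ones, a one-year minimum max-age is the policy, and the function names, verdict strings and sample headers are constructed for illustration.

```python
import re

# Assumption: 80/8080 answer plain HTTP, 443/8443 answer HTTPS.
TLS_PORTS = {443, 8443}

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; return None if it is invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:               # a directive must not appear twice
            return None
        directives[name] = val.strip().strip('"')
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None                          # max-age is required and numeric
    return directives

def audit(port, headers, min_age=31536000):
    """Grade one listener from its response headers (min_age is an assumed policy)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if port not in TLS_PORTS:
        # Browsers ignore HSTS received over plain HTTP, so the useful
        # property on these ports is a redirect to HTTPS.
        redirected = hdrs.get("location", "").startswith("https://")
        return "ok-redirect" if redirected else "plaintext-no-redirect"
    if "strict-transport-security" not in hdrs:
        return "missing"
    parsed = parse_hsts(hdrs["strict-transport-security"])
    if parsed is None:
        return "invalid"
    return "ok" if int(parsed["max-age"]) >= min_age else "weak-max-age"

# Constructed sample responses, not captured from a real IdM server.
SAMPLES = {
    80: {"Location": "https://ipa.example.test/ipa/ui/"},
    443: {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
    8080: {"Content-Type": "text/html"},
    8443: {"strict-transport-security": "max-age=0"},
}

def audit_all(samples=SAMPLES):
    return {port: audit(port, h) for port, h in sorted(samples.items())}

if __name__ == "__main__":
    for port, verdict in audit_all().items():
        print(port, verdict)
```

To run it against a live server, replace SAMPLES with the headers returned by each listener, for example as collected with curl -sI.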