Using the Web Admin UI.
Go into the server you want to update.
Under "Server Properties"
Select "HTTP Responses".
Select "Response Headers"
In the Response Headers Section click "Add".
I added the header name "X-Content-Type-Options" with the value "nosniff", left the condition as always and selected "continue".
This is what got added to the httpd.conf file:
Header always Set X-Content-Type-Options nosniff
The other option for the "Condition" was "Successful responses" and choosing that adds this to the httpd.conf file:
Header onsuccess Set X-Content-Type-Options nosniff
I manually set this value in the httpd.conf file and it appears to follow the "always" configuration:
Header Set X-Content-Type-Options nosniff
After saving and restarting the apache instance, I found that the Response Headers contained
X-Content-Type-Options: nosniff
I see the value in the Response Headers in both chrome and firefox.
You do not need run a LoadModule, the directive is available by default.
If you still don't see it, then I'd suggest adding the header through the Web Admin UI and see if IBM adds something new to the config file.
--
Chris Hiebert
Senior Programmer/Analyst
Disclaimer: Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Tom Hightower
Sent: Tuesday, November 29, 2022 5:27 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: How do I set a couple of HTTP headers?
Ok, so I've added these 2 lines to the top of my Apache config file:
LoadModule headers_module modules/mod_headers.so
Header set X-Content-Type-Options nosniff
And tried to restart the server. The server doesn't seem to like that first line and won't restart until I remove it. It takes the 2nd line, but I can't see that it's doing anything - I'm not seeing the 'nosniff' listed in the Headers when I look at our pages in Chrome Developer mode.
We're running 7.4...
Thanks
TomH
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.