How to enable HTTP Strict-Transport-Security (HSTS) in Continuity Engine Management Service

Summary 

This Knowledgebase article provides information about how to enable HTTP Strict-Transport-Security (HSTS) in Continuity Engine Management Service.

HTTP HSTS is a mechanism that allows websites to declare that they can only be accessed via a secure connection (HTTPS). The mechanism is specified in RFC 6797, and it uses the Strict-Transport-Security response header to inform user agents (UAs) about the secure policy required by the website.

Procedure

To enable HTTP Strict-Transport-Security (HSTS):

On the Engine Management Server:

  1. Stop the Neverfail Engine Management Web Services service.
  2. Open the configuration file "C:\Program Files\Neverfail\tomcat\apache-tomcat-x.x.xx\conf\web.xml" in a text editor.
  3. Search for the httpHeaderSecurity filter, uncomment it, and update its values as follows:
      <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <async-supported>true</async-supported>
        <init-param>
          <param-name>hstsEnabled</param-name>
          <param-value>true</param-value>
        </init-param>
        <init-param>
          <param-name>hstsMaxAgeSeconds</param-name>
          <param-value>31536000</param-value>
        </init-param>
        <init-param>
          <param-name>hstsIncludeSubDomains</param-name>
          <param-value>true</param-value>
        </init-param>
      </filter>

  4. Locate the "httpHeaderSecurity" filter-mapping section and uncomment it. The resulting text should look like this:
      <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
      </filter-mapping>

  5. Save the file and start the Neverfail Engine Management Web Services service.
  6. The edited settings will add the following 3 values to the EMS API response headers:
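
A check for steps 3 and 4, as an added example (not Neverfail's or Tomcat's code): it parses the text of web.xml and reports when the httpHeaderSecurity filter or its filter-mapping is still commented out, or when a parameter differs from the values given in this article. The function names, the finding messages and the sample XML (including its namespace) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NAME = "httpHeaderSecurity"
# Values from the procedure above; the audit compares web.xml against them.
EXPECTED = {"hstsEnabled": "true", "hstsMaxAgeSeconds": "31536000", "hstsIncludeSubDomains": "true"}

def _local(tag):
    # Drop the "{namespace}" prefix ElementTree adds when <web-app> declares xmlns.
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    hits = [(c.text or "").strip() for c in elem if _local(c.tag) == name]
    return hits[0] if hits else None

def _named(root, tag):
    # Live (uncommented) elements only: the parser discards XML comments.
    return [e for e in root if _local(e.tag) == tag and _text(e, "filter-name") == NAME]

def audit_hsts(web_xml_text):
    """Return a list of findings; an empty list means steps 3 and 4 were applied."""
    root = ET.fromstring(web_xml_text)
    findings = []
    filters = _named(root, "filter")
    if not filters:
        findings.append("filter is missing or still commented out")
    else:
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in filters[0] if _local(p.tag) == "init-param"}
        for key, want in EXPECTED.items():
            if params.get(key) != want:
                findings.append(f"{key} is {params.get(key)!r}, expected {want!r}")
    mappings = _named(root, "filter-mapping")
    if not mappings:
        findings.append("filter-mapping is missing or still commented out")
    elif _text(mappings[0], "url-pattern") != "/*":
        findings.append("filter-mapping does not cover /*")
    return findings

# Constructed sample: one wrong value, one missing parameter, mapping still commented.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <init-param><param-name>hstsEnabled</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>hstsMaxAgeSeconds</param-name><param-value>0</param-value></init-param>
  </filter>
  <!-- <filter-mapping><filter-name>httpHeaderSecurity</filter-name><url-pattern>/*</url-pattern></filter-mapping> -->
</web-app>"""

if __name__ == "__main__":
    print("\n".join(audit_hsts(SAMPLE)))
```

To audit a real installation, read the web.xml from step 2 as text and pass its contents to audit_hsts before starting the service in step 5.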



Applies to 

Neverfail Continuity Engine Management Service up to v15


