HTTP Strict Transport Security (HSTS) is a web security policy that protects websites against protocol downgrade attacks and cookie hijacking. You can enable HSTS to force browsers to connect securely over TLS or SSL when accessing the Application Studio user interface. Enabling HSTS involves editing an XML file to add some properties.

1. Open the web.xml file at <install directory>/app-studio/apache-tomcat-<version>/webapps/appstudio/WEB-INF.

2. Add the following filter and filter mapping to the file, placing them before the existing entries for JsonResponseFilter. This placement is necessary so the HSTS filter processes all requests.

    <filter>
        <filter-name>HstsFilter</filter-name>
        <filter-class>com.axway.defence.servlet.http.HstsFilter</filter-class>
        <init-param>
            <param-name>httpsPort</param-name>
            <param-value>443</param-value>
        </init-param>
        <init-param>
            <param-name>maxAge</param-name>
            <param-value>86400</param-value>
        </init-param>
        <init-param>
            <param-name>includeSubdomains</param-name>
            <param-value>false</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>HstsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

3. The filter takes three parameters: httpsPort, maxAge and includeSubdomains. You might have to edit the values for your environment. The following describes the parameters.

httpsPort
    The port to which HTTPS traffic is forwarded.

maxAge
    The maximum time in seconds that browsers recognize the HSTS policy.

includeSubdomains
    Specifies whether subdomains of the requested domain should also recognize the policy.
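As an added illustration (not code from this page or from the Application Studio product), the following Python reads the HstsFilter init-params from a constructed copy of the web.xml snippet above, derives the Strict-Transport-Security header value those parameters imply under the RFC 6797 directive format, and checks an observed response header against it. It assumes the filter emits the standard max-age and includeSubDomains directives; the filter's handling of httpsPort is not described here and is not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the HstsFilter <filter> element as configured on this page.
WEB_XML_FILTER = """<filter>
  <filter-name>HstsFilter</filter-name>
  <filter-class>com.axway.defence.servlet.http.HstsFilter</filter-class>
  <init-param><param-name>httpsPort</param-name><param-value>443</param-value></init-param>
  <init-param><param-name>maxAge</param-name><param-value>86400</param-value></init-param>
  <init-param><param-name>includeSubdomains</param-name><param-value>false</param-value></init-param>
</filter>"""


def filter_params(filter_xml):
    """Return the filter's init-params as a dict {param-name: param-value}."""
    root = ET.fromstring(filter_xml)
    return {p.findtext("param-name").strip(): p.findtext("param-value").strip()
            for p in root.findall("init-param")}


def expected_hsts_header(params):
    """Build the Strict-Transport-Security value implied by maxAge/includeSubdomains.
    Assumption: the filter maps these two params onto the RFC 6797 directives."""
    max_age = int(params["maxAge"])
    if max_age < 0:
        raise ValueError("maxAge must be a non-negative number of seconds")
    value = f"max-age={max_age}"
    if params.get("includeSubdomains", "false").strip().lower() == "true":
        value += "; includeSubDomains"
    return value


def parse_hsts_header(value):
    """Parse a Strict-Transport-Security header into (max_age, include_subdomains).
    Directive names are case-insensitive; max-age is mandatory."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age":
            max_age = int(arg.strip().strip('"'))
        elif name.lower() == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub


def header_matches_config(observed, params):
    """True when an observed response header enforces exactly what web.xml configures."""
    return parse_hsts_header(observed) == parse_hsts_header(expected_hsts_header(params))
```

Note that a response carrying max-age=0 tells browsers to forget the policy, so the check treats it as a mismatch against a non-zero maxAge.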