4.10 Configuring the Application Server for HTTP
For the highest level of security, the Application Server should be configured for HTTPS-only operation.
However, it can operate in HTTP mode. Over plain HTTP, login credentials and session cookies cross the
network unencrypted. By default, the HTTP protocol is only available to users and
components operating on the same server as the Application Server (using localhost). To make
the HTTP protocol available for use over a network, perform the configuration changes
shown below.
1. Using a text editor, open the file domain.xml. By default, it is located at "C:\Program
Files\AudioCodes\SmartTAP\AS\domain\configuration\domain.xml". Find the section
illustrated below and make the highlighted changes.
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-
server="default-server" default-virtual-host="default-host"
default-servlet-container="default" default-security-domain="other"
statistics-enabled="${wildfly.undertow.statistics-
enabled:${wildfly.statistics-enabled:false}}">
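<buffer-cache name="default"/>
<server name="default-server">
    <!-- AJP has no authentication or encryption of its own. Confirm that the
         "ajp" socket binding (defined outside this excerpt) is reachable only
         from a trusted front-end proxy, or remove this listener if it is unused. -->
    <ajp-listener name="ajp" socket-binding="ajp"/>
    <!-- Plain-HTTP listener. redirect-socket names the binding that requests are
         redirected to when a deployment requires a confidential transport. -->
    <http-listener name="default" socket-binding="http"
                   max-post-size="20971520" max-header-size="65536" max-parameters="30000"
                   redirect-socket="https" enable-http2="true"/>
    <!-- HTTPS listener, limited to TLS 1.2 and the three GCM cipher suites listed.
         The cipher list must stay on one line: a line break inside the attribute
         value would split a suite name. -->
    <https-listener name="https" socket-binding="https"
                    max-post-size="20971520" max-header-size="65536" max-parameters="30000"
                    security-realm="SslRealm" enable-http2="true"
                    enabled-protocols="TLSv1.2"
                    enabled-cipher-suites="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"/>
    <host name="default-host" alias="localhost">
        <location name="/" handler="welcome-content"/>
        <http-invoker security-realm="ApplicationRealm"/>
        <!-- CORS Configuration -->
        <!-- The filters referenced here are defined outside this excerpt.
             NOTE(review): once HTTP is reachable over the network, check that the
             Access-Control-Allow-Origin filter is not a wildcard while
             Access-Control-Allow-Credentials is enabled. -->
        <filter-ref name="server-header"/>
        <filter-ref name="x-powered-by-header"/>
        <filter-ref name="Access-Control-Allow-Origin"/>
        <filter-ref name="Access-Control-Allow-Methods"/>
        <filter-ref name="Access-Control-Allow-Headers"/>
        <filter-ref name="Access-Control-Allow-Credentials"/>
        <filter-ref name="Access-Control-Max-Age"/>
        <!-- Clickjacking Configuration -->
        <filter-ref name="Content-Security-Policy"/>
        <filter-ref name="x-content-type-options"/>
        <!-- Browsers ignore Strict-Transport-Security when it arrives over plain
             HTTP, so this header protects only clients that connect over HTTPS. -->
        <filter-ref name="hsts-header"/>
        <filter-ref name="x-frame-options"/>
        <filter-ref name="x-xss-protection"/>
        <!-- If the system is not configured for HTTPS, remove the samesite-cookie
             filter reference below. Presumably the filter sets SameSite=None, which
             browsers accept only on Secure cookies; confirm against the filter
             definition, which is outside this excerpt. -->
        <filter-ref name="samesite-cookie"/>
        <!-- If the system is not configured for HTTPS, the procedure sets http-only
             and secure to false. Only secure="false" is needed for the cookie to be
             sent over plain HTTP; HttpOnly is unrelated to the transport and only
             hides the cookie from page scripts.
             NOTE(review): keep http-only="true" unless the application is confirmed
             to read this cookie from JavaScript, and restore secure="true" as soon
             as HTTPS is enabled. -->
        <single-sign-on path="/" http-only="false" secure="false"/>
    </host>
</server>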
<servlet-container name="default">
<jsp-config/>
<!-- If the system is not configured for HTTPS, the procedure sets http-only and
secure to false on the session cookie. Only secure="false" is needed for the
cookie to be sent over plain HTTP; HttpOnly is unrelated to the transport and
only hides the cookie from page scripts.
NOTE(review): keep http-only="true" unless the application is confirmed to read
the session cookie from JavaScript, and restore secure="true" as soon as HTTPS
is enabled. -->
<session-cookie http-only="false" secure="false"/>
<websockets/>