4.3.5.1 Enforce the Usage of SSL
The Installer configures the application such that all HTTP connections to the application are over SSL/TLS. In other words, all plain HTTP traffic will be prohibited; only HTTPS traffic will be allowed. It is highly recommended to enable this option in a production environment, especially when WebLogic Server acts as the SSL terminator.
Ensure that the following snippet of code is present in the web.xml file of the web module.
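One way to verify a deployed web.xml, as an added example that is not the product's own code: it assumes enforcement uses the standard Servlet mechanism, a security-constraint whose transport-guarantee is CONFIDENTIAL and whose url-pattern is /*. The function names and sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _kids(elem, name):
    # Match on local name so any web.xml schema namespace (or none) works.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def https_only_patterns(web_xml_text):
    """URL patterns that require CONFIDENTIAL transport for every HTTP method."""
    patterns = set()
    for sc in _kids(ET.fromstring(web_xml_text), "security-constraint"):
        guarantees = {(tg.text or "").strip()
                      for udc in _kids(sc, "user-data-constraint")
                      for tg in _kids(udc, "transport-guarantee")}
        if "CONFIDENTIAL" not in guarantees:
            continue
        for wrc in _kids(sc, "web-resource-collection"):
            # Listing methods narrows the constraint; unlisted methods are not covered.
            if _kids(wrc, "http-method") or _kids(wrc, "http-method-omission"):
                continue
            patterns |= {(p.text or "").strip() for p in _kids(wrc, "url-pattern")}
    return patterns

def enforces_ssl(web_xml_text):
    # True only when the whole application (/*) is restricted to HTTPS.
    return "/*" in https_only_patterns(web_xml_text)

# Constructed sample descriptors (not taken from the product).
_TEMPLATE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>{pattern}</url-pattern>{method}
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>{guarantee}</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

GOOD = _TEMPLATE.format(pattern="/*", method="", guarantee="CONFIDENTIAL")
NO_TLS = _TEMPLATE.format(pattern="/*", method="", guarantee="NONE")
GET_ONLY = _TEMPLATE.format(pattern="/*", method="<http-method>GET</http-method>",
                            guarantee="CONFIDENTIAL")
PARTIAL = _TEMPLATE.format(pattern="/admin/*", method="", guarantee="CONFIDENTIAL")

if __name__ == "__main__":
    for name in ("GOOD", "NO_TLS", "GET_ONLY", "PARTIAL"):
        print(name, enforces_ssl(globals()[name]))
```

Only the GOOD descriptor passes; the other three show the common ways a constraint can be present yet leave plain HTTP reachable.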
Recommendation:
Disable the compression of data over SSL to avoid certain known security vulnerabilities.