82
edits
Changes
From SME Server
Jump to navigationJump to search→Force Https: added section for HTTP Strict Transport Security
==Optional Addons & Settings==
==Optional Addons & Settings==
===Force Https===
===Security===
You can force https redirection whenever you use the http protocol:
====Require HTTPS====
You can force https redirection whenever you use the http protocol. See [[Https_redirection]] for more information.
In Owncloud versions prior to 8.1.1 you could also force https by checking 'Enforce HTTPS' in the Security section of the Admin section.
====Strict Transport Security====
Starting with ownCloud version 8.1.1, the admin panel may display this warning:
The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds.
A resolution for this was presented in forum thread [http://forums.contribs.org/index.php/topic,51916.0.html owncloud 8.1,1, Strict-Transport-Security and SME 9], in which mmccarn suggested to minor changes.
First, verify that the Apache headers module is loaded. You can look in the file httpd.conf for "LoadModule headers_module modules/mod_headers.so". Also, Xavier.A offered the command,
apachectl -t -D DUMP_MODULES 2>&1 | grep header
as a way to check for the module.
The French Wikipedia page, [https://fr.wikipedia.org/wiki/HTTP_Strict_Transport_Security HTTP Strict Transport Security] provides a good description. The English page is not as detailed, unfortunately, but there are handy page translation tools avaialble on the web.
===User login and permissions===
===User login and permissions===
