71
edits
Changes
From SME Server
Jump to navigationJump to searchno edit summary
Line 17:
Line 17:
### Enable HTTP Strict Transport Security, lifetime 6 months ###+
Edit the file to contain the following lines:
Edit the file to contain the following lines:
− {
− Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" env=HTTPS
+ return " # skipping HSTS\n" unless $port eq "$httpsPort";
+ $OUT = 'Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"' ;
+ }
The value of max-age is in seconds, so the value given corresponds to 6 months. After a client has visited your server using HTTPS once, it will always use HTTPS for subsequent visits within that timeframe. You may adjust this time if you wish. Press Ctrl-X to exit, and Y to save. Then, expand the template and restart your web server:
The value of max-age is in seconds, so the value given corresponds to 6 months. After a client has visited your server using HTTPS once, it will always use HTTPS for subsequent visits within that timeframe. You may adjust this time if you wish. Press Ctrl-X to exit, and Y to save. Then, expand the template and restart your web server:
[root@e-smith ~]# '''expand-template /etc/httpd/conf/httpd.conf'''
[root@e-smith ~]# '''expand-template /etc/httpd/conf/httpd.conf'''
− [root@e-smith ~]# '''service httpd-e-smith restart'''
+ [root@e-smith ~]# '''systemctl restart httpd-e-smith'''
===Validating HSTS===
===Validating HSTS===
