Changes

Jump to navigation Jump to search
995 bytes added ,  13:02, 14 September 2015
→‎Force Https: added section for HTTP Strict Transport Security
Line 81: Line 81:     
==Optional Addons & Settings==
 
==Optional Addons & Settings==
===Force Https===
+
===Security===
   −
You can force https redirection whenever you use the http protocol:
+
====Require HTTPS====
 +
You can force https redirection whenever you use the http protocol. See [[Https_redirection]] for more information.
   −
see [[Https_redirection]]
+
In Owncloud versions prior to 8.1.1 you could also force https by checking 'Enforce HTTPS' in the Security section of the Admin section.
 +
 
 +
====Strict Transport Security====
 +
Starting with ownCloud version 8.1.1, the admin panel may display this warning:
 +
 
 +
The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds.
 +
 
 +
A resolution for this was presented in forum thread [http://forums.contribs.org/index.php/topic,51916.0.html owncloud 8.1,1, Strict-Transport-Security and SME 9], in which mmccarn suggested to minor changes.
 +
 
 +
First, verify that the Apache headers module is loaded. You can look in the file httpd.conf for "LoadModule headers_module modules/mod_headers.so". Also, Xavier.A offered the command,
 +
 
 +
apachectl -t -D DUMP_MODULES 2>&1 | grep header
 +
 
 +
as a way to check for the module.
   −
In Owncloud versions prior to 8.1.1 you could also force https by checking 'Enforce HTTPS' in the Security section of the Admin section.
+
The French Wikipedia page, [https://fr.wikipedia.org/wiki/HTTP_Strict_Transport_Security HTTP Strict Transport Security] provides a good description. The English page is not as detailed, unfortunately, but there are handy page translation tools avaialble on the web.
    
===User login and permissions===
 
===User login and permissions===
82

edits

Navigation menu