Changes

137 bytes added ,  04:08, 20 March 2017
m
→‎Enabling HSTS: only serve HSTS header over HTTPS
Line 18: Line 18:     
  ### Enable HTTP Strict Transport Security, lifetime 6 months  ###
 
  ### Enable HTTP Strict Transport Security, lifetime 6 months  ###
  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" env=HTTPS
    
The value of max-age is in seconds, so the value given corresponds to 6 months.  After a client has visited your server using HTTPS once, it will always use HTTPS for subsequent visits within that timeframe.  You may adjust this time if you wish.  Press Ctrl-X to exit, and Y to save.  Then, expand the template and restart your web server:
 
The value of max-age is in seconds, so the value given corresponds to 6 months.  After a client has visited your server using HTTPS once, it will always use HTTPS for subsequent visits within that timeframe.  You may adjust this time if you wish.  Press Ctrl-X to exit, and Y to save.  Then, expand the template and restart your web server:
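Review bot: the new `env=HTTPS` condition only works when the `HTTPS` environment variable is set on TLS requests, which holds when mod_ssl terminates TLS inside this same httpd (its fixup hook sets `HTTPS=on` for every SSL request, independently of `SSLOptions +StdEnvVars`), but not when TLS is terminated by a proxy in front of httpd; in that deployment the header silently disappears from every response, so the text should say which setup it assumes. Prefer `Header always set` over `add` on this line: the template is expanded into each VirtualHost, and `add` appends a second `Strict-Transport-Security` field if another directive or an included config already emitted one, while RFC 6797 section 8.1 has user agents process only the first. The intent of the change is right, since RFC 6797 section 7.2 requires that an HSTS host not send the field over non-secure transport and browsers ignore it there anyway; after the restart, verify both halves with `curl -sI https://host/ | grep -i strict-transport` (present) and `curl -sI http://host/ | grep -i strict-transport` (absent). One caveat the paragraph should carry: the `preload` token is a commitment, hstspreload.org currently requires a max-age of at least one year (31536000) rather than the 6 months shown, and `includeSubDomains` commits every subdomain, including ones that do not serve HTTPS yet.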
Line 60: Line 60:  
  [root@e-smith ~]# '''nano -w /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/05PublicKeyPinning'''
 
  [root@e-smith ~]# '''nano -w /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/05PublicKeyPinning'''
   −
Edit the file to contain the following lines:
+
Edit the file to contain the following lines, replacing the values for pin-sha256 with the hashes you determined above, and adding or removing pin-sha256 lines as required:
    
  ### Enable HTTP Public Key Pinning, lifetime 24 hours
 
  ### Enable HTTP Public Key Pinning, lifetime 24 hours
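Review bot: the new wording "adding or removing pin-sha256 lines as required" should state the hard constraint from RFC 7469 section 2.5: a user agent does not note the host unless the `Public-Key-Pins` header carries a backup pin for an SPKI that is not in the chain currently served, which in practice means at least two pins, so a reader who pins only the live certificate gets no pinning at all while believing it is enabled. The same sentence should tell the reader to keep the backup key offline and to re-derive and compare the pins against the served chain after every certificate renewal, because a renewed certificate with a fresh key matching neither pin locks returning clients out for the full max-age; the 24-hour lifetime in the comment line is the right starting value for exactly that reason. It is also worth a line on where this leaves the reader now: Chrome removed HPKP support in version 72 and Firefox in version 72, so this template is a no-op for current browsers and the HSTS section above is what actually protects clients.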