From 6266a6ff0ddb65353b9c491da408bb5fc9b543f3 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Mon, 19 Oct 2020 21:44:05 +0200
Subject: tidy (i.e. revert) logic of checking for HTTPS

---
 apache2/conf-available/local-tls.conf | 2 +-
 apache2/conf-available/security.conf  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apache2/conf-available/local-tls.conf b/apache2/conf-available/local-tls.conf
index da6de62..53f777b 100644
--- a/apache2/conf-available/local-tls.conf
+++ b/apache2/conf-available/local-tls.conf
@@ -15,7 +15,7 @@
 
 <IfDefine _TLSHOST>
 
-<If "%{HTTPS} == 'off'">
+<If "%{HTTPS} != 'on'">
 	RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}/$1
 </If>
 
diff --git a/apache2/conf-available/security.conf b/apache2/conf-available/security.conf
index 6975048..51d0d4c 100644
--- a/apache2/conf-available/security.conf
+++ b/apache2/conf-available/security.conf
@@ -88,6 +88,6 @@ Header always set Permissions-Policy "accelerometer(), ambient-light-sensor(), a
 Header always set Referrer-Policy "no-referrer-when-downgrade"
 
 # enable Strict Transport Security
-Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=%{HTTPS} != 'off'"
+Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" "expr=%{HTTPS} == 'on'"
 
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-- 
cgit v1.2.3