diff options
author | Jonas Smedegaard <dr@jones.dk> | 2020-10-19 20:21:04 +0200 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2020-10-19 20:21:04 +0200 |
commit | d07729f5b66b10b80c6857c4f918c2ff4f699049 (patch) | |
tree | 66e791aa7d4db66cf4fbace6f7a3416097669d1e | |
parent | 206eb62fc7902304f4ec2d4e18991596312974da (diff) |
set HSTS header unconditionally, with an age of 2 years
-rw-r--r-- | apache2/conf-available/security.conf | 20 | ||||
-rw-r--r-- | apache2/conf-available/security.conf.diff | 22 |
2 files changed, 3 insertions, 39 deletions
diff --git a/apache2/conf-available/security.conf b/apache2/conf-available/security.conf index 6652f0d..2fcb473 100644 --- a/apache2/conf-available/security.conf +++ b/apache2/conf-available/security.conf @@ -88,24 +88,6 @@ Header always set Permissions-Policy "accelerometer(), ambient-light-sensor(), a Header always set Referrer-Policy "no-referrer-when-downgrade" # enable Strict Transport Security -# <http://www.debian-administration.org/articles/662> -<IfDefine !_NO_HSTS> -<IfDefine !_NO_HSTS_SUBDOMAINS> -<IfDefine !_NO_HSTS_PRELOAD> - Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains;preload" -</IfDefine> -<IfDefine _NO_HSTS_PRELOAD> - Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains" -</IfDefine> -</IfDefine> -<IfDefine _NO_HSTS_SUBDOMAINS> -<IfDefine !_NO_HSTS_PRELOAD> - Header set Strict-Transport-Security: "max-age=15768000;preload" -</IfDefine> -<IfDefine _NO_HSTS_PRELOAD> - Header set Strict-Transport-Security: "max-age=15768000" -</IfDefine> -</IfDefine> -</IfDefine> +Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" # vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/apache2/conf-available/security.conf.diff b/apache2/conf-available/security.conf.diff index 66829ed..c363be3 100644 --- a/apache2/conf-available/security.conf.diff +++ b/apache2/conf-available/security.conf.diff @@ -9,7 +9,7 @@ #ServerTokens Full # -@@ -60,14 +60,52 @@ +@@ -60,14 +60,34 @@ # else than declared by the content type in the HTTP headers. # Requires mod_headers to be enabled. # @@ -43,24 +43,6 @@ +Header always set Referrer-Policy "no-referrer-when-downgrade" + +# enable Strict Transport Security -+# <http://www.debian-administration.org/articles/662> -+<IfDefine !_NO_HSTS> -+<IfDefine !_NO_HSTS_SUBDOMAINS> -+<IfDefine !_NO_HSTS_PRELOAD> -+ Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains;preload" -+</IfDefine> -+<IfDefine _NO_HSTS_PRELOAD> -+ Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains" -+</IfDefine> -+</IfDefine> -+<IfDefine _NO_HSTS_SUBDOMAINS> -+<IfDefine !_NO_HSTS_PRELOAD> -+ Header set Strict-Transport-Security: "max-age=15768000;preload" -+</IfDefine> -+<IfDefine _NO_HSTS_PRELOAD> -+ Header set Strict-Transport-Security: "max-age=15768000" -+</IfDefine> -+</IfDefine> -+</IfDefine> ++Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" # vim: syntax=apache ts=4 sw=4 sts=4 sr noet |