summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--apache2/conf-available/security.conf20
-rw-r--r--apache2/conf-available/security.conf.diff22
2 files changed, 3 insertions, 39 deletions
diff --git a/apache2/conf-available/security.conf b/apache2/conf-available/security.conf
index 6652f0d..2fcb473 100644
--- a/apache2/conf-available/security.conf
+++ b/apache2/conf-available/security.conf
@@ -88,24 +88,6 @@ Header always set Permissions-Policy "accelerometer(), ambient-light-sensor(), a
Header always set Referrer-Policy "no-referrer-when-downgrade"
# enable Strict Transport Security
-# <http://www.debian-administration.org/articles/662>
-<IfDefine !_NO_HSTS>
-<IfDefine !_NO_HSTS_SUBDOMAINS>
-<IfDefine !_NO_HSTS_PRELOAD>
- Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains;preload"
-</IfDefine>
-<IfDefine _NO_HSTS_PRELOAD>
- Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains"
-</IfDefine>
-</IfDefine>
-<IfDefine _NO_HSTS_SUBDOMAINS>
-<IfDefine !_NO_HSTS_PRELOAD>
- Header set Strict-Transport-Security: "max-age=15768000;preload"
-</IfDefine>
-<IfDefine _NO_HSTS_PRELOAD>
- Header set Strict-Transport-Security: "max-age=15768000"
-</IfDefine>
-</IfDefine>
-</IfDefine>
+Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/apache2/conf-available/security.conf.diff b/apache2/conf-available/security.conf.diff
index 66829ed..c363be3 100644
--- a/apache2/conf-available/security.conf.diff
+++ b/apache2/conf-available/security.conf.diff
@@ -9,7 +9,7 @@
#ServerTokens Full
#
-@@ -60,14 +60,52 @@
+@@ -60,14 +60,34 @@
# else than declared by the content type in the HTTP headers.
# Requires mod_headers to be enabled.
#
@@ -43,24 +43,6 @@
+Header always set Referrer-Policy "no-referrer-when-downgrade"
+
+# enable Strict Transport Security
-+# <http://www.debian-administration.org/articles/662>
-+<IfDefine !_NO_HSTS>
-+<IfDefine !_NO_HSTS_SUBDOMAINS>
-+<IfDefine !_NO_HSTS_PRELOAD>
-+ Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains;preload"
-+</IfDefine>
-+<IfDefine _NO_HSTS_PRELOAD>
-+ Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains"
-+</IfDefine>
-+</IfDefine>
-+<IfDefine _NO_HSTS_SUBDOMAINS>
-+<IfDefine !_NO_HSTS_PRELOAD>
-+ Header set Strict-Transport-Security: "max-age=15768000;preload"
-+</IfDefine>
-+<IfDefine _NO_HSTS_PRELOAD>
-+ Header set Strict-Transport-Security: "max-age=15768000"
-+</IfDefine>
-+</IfDefine>
-+</IfDefine>
++Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet