diff options
-rw-r--r-- | apache2/conf-available/security.conf | 20 | ||||
-rw-r--r-- | apache2/conf-available/security.conf.diff | 22 |
2 files changed, 3 insertions, 39 deletions
diff --git a/apache2/conf-available/security.conf b/apache2/conf-available/security.conf index 6652f0d..2fcb473 100644 --- a/apache2/conf-available/security.conf +++ b/apache2/conf-available/security.conf @@ -88,24 +88,6 @@ Header always set Permissions-Policy "accelerometer(), ambient-light-sensor(), a Header always set Referrer-Policy "no-referrer-when-downgrade" # enable Strict Transport Security -# <http://www.debian-administration.org/articles/662> -<IfDefine !_NO_HSTS> -<IfDefine !_NO_HSTS_SUBDOMAINS> -<IfDefine !_NO_HSTS_PRELOAD> - Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains;preload" -</IfDefine> -<IfDefine _NO_HSTS_PRELOAD> - Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains" -</IfDefine> -</IfDefine> -<IfDefine _NO_HSTS_SUBDOMAINS> -<IfDefine !_NO_HSTS_PRELOAD> - Header set Strict-Transport-Security: "max-age=15768000;preload" -</IfDefine> -<IfDefine _NO_HSTS_PRELOAD> - Header set Strict-Transport-Security: "max-age=15768000" -</IfDefine> -</IfDefine> -</IfDefine> +Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" # vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/apache2/conf-available/security.conf.diff b/apache2/conf-available/security.conf.diff index 66829ed..c363be3 100644 --- a/apache2/conf-available/security.conf.diff +++ b/apache2/conf-available/security.conf.diff @@ -9,7 +9,7 @@ #ServerTokens Full # -@@ -60,14 +60,52 @@ +@@ -60,14 +60,34 @@ # else than declared by the content type in the HTTP headers. # Requires mod_headers to be enabled. # @@ -43,24 +43,6 @@ +Header always set Referrer-Policy "no-referrer-when-downgrade" + +# enable Strict Transport Security -+# <http://www.debian-administration.org/articles/662> -+<IfDefine !_NO_HSTS> -+<IfDefine !_NO_HSTS_SUBDOMAINS> -+<IfDefine !_NO_HSTS_PRELOAD> -+ Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains;preload" -+</IfDefine> -+<IfDefine _NO_HSTS_PRELOAD> -+ Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains" -+</IfDefine> -+</IfDefine> -+<IfDefine _NO_HSTS_SUBDOMAINS> -+<IfDefine !_NO_HSTS_PRELOAD> -+ Header set Strict-Transport-Security: "max-age=15768000;preload" -+</IfDefine> -+<IfDefine _NO_HSTS_PRELOAD> -+ Header set Strict-Transport-Security: "max-age=15768000" -+</IfDefine> -+</IfDefine> -+</IfDefine> ++Header always set Strict-Transport-Security "max-age=63072000;includeSubdomains;preload" # vim: syntax=apache ts=4 sw=4 sts=4 sr noet |