Control Web Panel

WebPanel => Apache => Topic started by: itmonitor on April 10, 2019, 03:21:43 PM

Title: HSTS in CWP
Post by: itmonitor on April 10, 2019, 03:21:43 PM
Hi! Not sure this is the right forum. Could anybody point me to instructions on how to setup HSTS in CWP?

Any advice is welcome.

Rgs

IM
Title: Re: HSTS in CWP
Post by: itmonitor on April 13, 2019, 09:19:22 AM
Hi, please, any advice is welcome. Looking forward to your replies.
Title: Re: HSTS in CWP
Post by: Netino on April 14, 2019, 04:09:57 AM
In Apache, add the following parameter in the VHOST site:
Code: [Select]
Header add Strict-Transport-Security "max-age=15768000"

or

Code: [Select]
Strict-Transport-Security: max-age=15768000; includeSubDomains

The max-age parameter sets the browser the validity period in seconds that HTTPS will be forced, in which case it will be 6 months. The "includeSubDomains" parameter indicates that this rule will apply to subdomains.

Regards,
Netino
Title: Re: HSTS in CWP
Post by: itmonitor on April 14, 2019, 01:33:01 PM
Hi, thank you.