HSTS on server host name
Hi.
I'm still a newbie, so apologies if I'm asking a silly question- my host fully manages my server.
I've recently looked at all our HTTPS sites to see how I can enhance the security further. They now all score A+ with the SSL Labs tool- basically due to changing the ciphers in WHM and setting a Strict Transfer Security header in the sites .htaccess files:
The HSTS header ensures that future connections are only done over HTTPS: /http://mikkel.hoegh.org/blog/2010/09/09/protecting-your-users-phishing-apache-rules-hsts/ It's not a massive deal, but I am wondering how I can do that with my server host name. Because there isn't a website there (and I don't think you can have a website on your server host name anyway) I can't set an .htaccess rule. In fact, I'm not sure Apache is involved at all with this. Is there a way I can set the header when accessing my server, so that it gets an A+ in SSL Labs? It's not a big deal, but it would look good.
Header set Strict-Transport-Security max-age=16070400;
The HSTS header ensures that future connections are only done over HTTPS: /http://mikkel.hoegh.org/blog/2010/09/09/protecting-your-users-phishing-apache-rules-hsts/ It's not a massive deal, but I am wondering how I can do that with my server host name. Because there isn't a website there (and I don't think you can have a website on your server host name anyway) I can't set an .htaccess rule. In fact, I'm not sure Apache is involved at all with this. Is there a way I can set the header when accessing my server, so that it gets an A+ in SSL Labs? It's not a big deal, but it would look good.
-
Hello :) You could configure an entry in the VirtualHost for your hostname instead of with a .htaccess file. The following document should help guide you on making that change: Modify Virtualhost Containers With Include Files Thank you. 0
Please sign in to leave a comment.
Comments
1 comment