How to set “Strict-Transport-Security”?

hack3rcon
Posts: 663
Joined: 2014/11/24 11:04:37

How to set “Strict-Transport-Security”?

Post by hack3rcon » 2020/09/14 07:50:21

Hello,
I added the line below to the "httpd.conf" file:

Code:

LoadModule headers_module modules/mod_headers.so
And I added the line below to the virtual host file:

Code:

<VirtualHost *:80>
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomain; preload"
ServerAdmin root@localhost
ServerName www.example.net
ServerAlias www.example.net
...
Is it OK?

Thank you.

aks
Posts: 3022
Joined: 2014/09/20 11:22:14

Re: How to set “Strict-Transport-Security”?

Post by aks » 2020/09/16 17:43:52

I use:
Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
for Apache HTTPd.
And various websites (like securityheaders.com) can tell you if it works.
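
A local check of the two header values posted above, as an added example that is not part of either post or of Apache. The names `parse_hsts` and `check_hsts` are hypothetical; the rules applied are the RFC 6797 directive names, the RFC's requirement that browsers ignore the header over plain HTTP, and the hstspreload.org preload requirements. It assumes the second value is served from a TLS virtual host.

```python
import re

# Added example: helper names below are hypothetical, not from the thread.
PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts
KNOWN = {"max-age", "includesubdomains", "preload"}

def parse_hsts(value):
    """Split a header value into {lowercased directive name: argument or None}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def check_hsts(value, scheme="https"):
    """Return a list of problems; an empty list means none were found."""
    problems = []
    if scheme != "https":
        problems.append("sent over plain HTTP, where browsers ignore it (RFC 6797, 8.1)")
    d = parse_hsts(value)
    for name in sorted(set(d) - KNOWN):
        problems.append(f"unknown directive '{name}' is ignored")
    age = d.get("max-age")
    if age is None or not re.fullmatch(r"\d+", age):
        problems.append("max-age is missing or not a non-negative integer")
    elif "preload" in d and int(age) < PRELOAD_MIN_AGE:
        problems.append(f"preload needs max-age >= {PRELOAD_MIN_AGE}")
    if "preload" in d and "includesubdomains" not in d:
        problems.append("preload needs includeSubDomains")
    return problems

# The two values posted in this thread, with the scheme each vhost serves.
THREAD_VALUES = [
    ("http", "max-age=63072000; includeSubdomain; preload"),  # <VirtualHost *:80>
    ("https", "max-age=16070400; includeSubDomains"),         # assumed TLS vhost
]

if __name__ == "__main__":
    for scheme, value in THREAD_VALUES:
        issues = check_hsts(value, scheme)
        print(f"{scheme:5} {value!r}: {issues or 'OK'}")
```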

hack3rcon
Posts: 663
Joined: 2014/11/24 11:04:37

Re: How to set “Strict-Transport-Security”?

Post by hack3rcon » 2020/09/17 18:33:21

Thank you.
Result is:
[Attachment: Test-0.PNG]

hack3rcon
Posts: 663
Joined: 2014/11/24 11:04:37

Re: How to set “Strict-Transport-Security”?

Post by hack3rcon » 2020/09/17 19:04:21

I added some headers to "httpd.conf" and it became:
[Attachment: header.PNG]
I have two problems:
1- For "Permissions-Policy" I added the line below, but the problem is not solved:

Code:

Header always set Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://mysiteURL.com"
2- When I add the line below, the style of the web page and some graphical components are disabled:

Code:

Header set Content-Security-Policy "default-src 'self';"
What is the problem?

aks
Posts: 3022
Joined: 2014/09/20 11:22:14

Re: How to set “Strict-Transport-Security”?

Post by aks » 2020/09/20 06:52:29

1. https://scotthelme.co.uk/goodbye-featur ... ns-policy/
2. Sometimes you have to understand what you are doing! You've set CSP to self only and something is not from self.

hack3rcon
Posts: 663
Joined: 2014/11/24 11:04:37

Re: How to set “Strict-Transport-Security”?

Post by hack3rcon » 2020/09/20 19:29:56

aks wrote:
2020/09/20 06:52:29
1. https://scotthelme.co.uk/goodbye-featur ... ns-policy/
2. Sometimes you have to understand what you are doing! You've set CSP to self only and something is not from self.
I see :(
If my domain name is "example.net" then what is the best value for "self"?

aks
Posts: 3022
Joined: 2014/09/20 11:22:14

Re: How to set “Strict-Transport-Security”?

Post by aks » 2020/09/24 17:00:29

self is self, same as this used in so much OO programming.
Suggest at this point you learn what you are doing (or at least read up on the subject at hand).

Return to “CentOS 8 - Networking Support”