How to set “Strict-Transport-Security”?

hack3rcon
Posts: 658
Joined: 2014/11/24 11:04:37

How to set “Strict-Transport-Security”?

Post by hack3rcon » 2020/09/14 07:50:21

Hello,
I added the line below to the "httpd.conf" file:

Code:

LoadModule headers_module modules/mod_headers.so

And I added the line below to the Virtual Host file:

Code:

<VirtualHost *:80>
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomain; preload"
ServerAdmin root@localhost
ServerName www.example.net
ServerAlias www.example.net
...

Is it OK?

Thank you.

aks
Posts: 3020
Joined: 2014/09/20 11:22:14

Re: How to set “Strict-Transport-Security”?

Post by aks » 2020/09/16 17:43:52

I use:
Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
for Apache HTTPd.
And various websites (like securityheaders.com) can tell you if it works.....
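
As an added example (not part of any post in this thread), the Python sketch below lints a Strict-Transport-Security value against RFC 6797 and the hstspreload.org submission requirements, run on the two header values posted above. The function and constant names are hypothetical, and it assumes the `*:80` virtual host serves plain HTTP.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts
# "preload" is not defined by RFC 6797; it is the token the preload list looks for.
KNOWN = {"max-age", "includesubdomains", "preload"}

# The two values posted in this thread, copied as written.
QUESTION_VALUE = "max-age=63072000; includeSubdomain; preload"
ANSWER_VALUE = "max-age=16070400; includeSubDomains"

def parse_hsts(value):
    """Split a header value into {directive: argument-or-None}.
    Directive names are case-insensitive (RFC 6797, section 6.1)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if arg else None
    return directives

def lint_hsts(value, scheme="https"):
    """Return a list of findings for one header value as served over `scheme`."""
    findings = []
    if scheme != "https":
        # RFC 6797, section 8.1: the header is ignored on insecure transport.
        findings.append("sent over plain HTTP: browsers ignore HSTS here")
    d = parse_hsts(value)
    for name in d:
        if name not in KNOWN:
            findings.append(f"unknown directive '{name}' is ignored")
    age = d.get("max-age")
    if age is None or not re.fullmatch(r"\d+", age):
        findings.append("max-age missing or not a number: header is invalid")
    elif "preload" in d:
        if int(age) < PRELOAD_MIN_AGE:
            findings.append("preload needs max-age >= 31536000")
        if "includesubdomains" not in d:
            findings.append("preload needs includeSubDomains")
    return findings

if __name__ == "__main__":
    # Assumption: the question's <VirtualHost *:80> answers over plain HTTP.
    for label, value, scheme in [("question", QUESTION_VALUE, "http"),
                                 ("answer", ANSWER_VALUE, "https")]:
        print(label, lint_hsts(value, scheme) or "no findings")
```

An unknown directive is skipped silently by browsers, so a misspelled name produces no error anywhere; the policy is simply narrower than intended.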

hack3rcon
Posts: 658
Joined: 2014/11/24 11:04:37

Re: How to set “Strict-Transport-Security”?

Post by hack3rcon » 2020/09/17 18:33:21

Thank you.
Result is:
[Image: Test-0.PNG]

hack3rcon
Posts: 658
Joined: 2014/11/24 11:04:37

Re: How to set “Strict-Transport-Security”?

Post by hack3rcon » 2020/09/17 19:04:21

I added some headers to "httpd.conf" and it became:
[Image: header.PNG]
I have two problems:
1- For "Permissions-Policy" I added the line below, but the problem is not solved:

Code:

Header always set Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://mysiteURL.com"

2- When I add the line below, the style of the web page and some graphical components are disabled:

Code:

Header set Content-Security-Policy "default-src 'self';"

What is the problem?

aks
Posts: 3020
Joined: 2014/09/20 11:22:14

Re: How to set “Strict-Transport-Security”?

Post by aks » 2020/09/20 06:52:29

1. https://scotthelme.co.uk/goodbye-featur ... ns-policy/
2. Sometimes you have to understand what you are doing! You've set CSP to self only and something is not from self.

hack3rcon
Posts: 658
Joined: 2014/11/24 11:04:37

Re: How to set “Strict-Transport-Security”?

Post by hack3rcon » 2020/09/20 19:29:56

aks wrote:
2020/09/20 06:52:29
1. https://scotthelme.co.uk/goodbye-featur ... ns-policy/
2. Sometimes you have to understand what you are doing! You've set CSP to self only and something is not from self.

I see :(
If my domain name is "example.net" then what is the best value for "self"?
