Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
litespeed_wiki:hsts [2014/09/04 15:47] Michael Armstrong [Using Apache Configs] |
litespeed_wiki:hsts [2015/07/31 14:16] Michael Alegre removed |
||
|---|---|---|---|
| Line 22: | Line 22: | ||
| {{litespeed_wiki:hsts_context_add.png?700px}} | {{litespeed_wiki:hsts_context_add.png?700px}} | ||
| - | Since we only want to add an extra header, it is easiest to set up a static context. | + | Since we only want to add an extra header, it is easiest to set up a static context. You can also add this header to any other context you already have set up. |
| {{litespeed_wiki:hsts_context_static.png?700px}} | {{litespeed_wiki:hsts_context_static.png?700px}} | ||
| - | I want all pages for this virtual host to use HSTS, so I set the context URI to ''/''. I then add the HSTS header into the Extra Headers setting: ''Strict-Transport-Security "max-age=31536000"''. | + | I want all pages for this virtual host to use HSTS, so I set the context URI to ''/''. I then add the HSTS header into the Extra Headers setting: ''Strict-Transport-Security "max-age=31536000"''. This header tells the client that interactions with the configured sites should always use HTTPS for one year (31536000 seconds). |
| {{litespeed_wiki:hsts_context_header.png?700px}} | {{litespeed_wiki:hsts_context_header.png?700px}} | ||
| When you're done, click Save, then perform a graceful restart to apply the changes. | When you're done, click Save, then perform a graceful restart to apply the changes. | ||
| - | |||
| ====== Checking HSTS ====== | ====== Checking HSTS ====== | ||
| + | |||
| + | Once the HSTS header has been added, you should be able to see ''Strict-Transport-Security: max-age=31536000'' when viewing response headers. Running a ''curl -i'' script directed to one of the configured pages will show you the headers in addition to the site content. | ||