logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 



Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Problem implementing Strict-Transport-Security

 
Post new topic   Reply to topic    Apache Forum Index -> Apache



View previous topic :: View next topic  
Author Message
Haldrik



Joined: 28 Aug 2017
Posts: 1
Location: USA, Asheville

PostPosted: Tue 29 Aug '17 17:30    Post subject: Problem implementing Strict-Transport-Security Reply with quote

Hello everyone!
New to forum, first post. I'm having a problem implementing Strict-Transport-Security on a server running Apache 2.4.10, PHP7.1.8 (Ubuntu 14.04).
I've read every related post on this forum, and I actually have it working fine on a different server (2.4.18 with Ubuntu 16.04), but nothing I do is working. I know this because Mozilla's "Observatory" report for this site is saying that "HTTP Strict Transport Security (HSTS) header cannot be recognized."
My /etc/apache2/sites-available/default.conf.le-ssl.conf contains this:
Code:

<IfModule mod_ssl.c>
<VirtualHost *:443>
...
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>
</IfModule>

I also added this line to my /etc/apache2/apache2.conf file:
Code:
Header set Strict-Transport-Security "max-age-31536000; includeSubDomains; preload"
Other headers set in the apache2.conf file (X-Content-Ype-Options, for example) are working fine. SSL works fine on the site. In fact, the site works fine, but I'm distressed that the Observatory score is low because of this one factor.
Thanks for any tips to get this working!
Back to top
Jan-E



Joined: 09 Mar 2012
Posts: 794
Location: Amsterdam, NL, EU

PostPosted: Mon 04 Sep '17 9:14    Post subject: Re: Problem implementing Strict-Transport-Security Reply with quote

Haldrik wrote:
I also added this line to my /etc/apache2/apache2.conf file:
Code:
Header set Strict-Transport-Security "max-age-31536000; includeSubDomains; preload"

There is a typo here: max-age-31536000 should be max-age=31536000.
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1