LinuxQuestions.org - Enable HTTP Strict Transport Security

- CentOS (https://www.linuxquestions.org/questions/centos-111/)

- - Enable HTTP Strict Transport Security (https://www.linuxquestions.org/questions/centos-111/enable-http-strict-transport-security-4175616496/)

robertkwild

10-27-2017 08:54 AM

Enable HTTP Strict Transport Security

hi all,

got a warning on my nextcloud server saying i need to do the above but reading through the manual -

https://docs.nextcloud.com/server/12...en_server.html

where do you add those lines to, is it the -

/etc/httpd/conf/httpd.conf

or here

/etc/httpd/conf.d/ssl.conf

many thanks,

rob

robertkwild

10-27-2017 10:57 AM

got it working, i didnt need all the information required, as some where duplicates in the ssl.conf file so all i needed was the below, i put it in between the two virtual host tags -

<IfModule mod_headers.c>

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

</IfModule>

All times are GMT -5. The time now is 09:47 PM.