Created
June 7, 2019 05:55
-
-
Save dzc34/0ad17261c660e0ec8b0ff50f5ce36480 to your computer and use it in GitHub Desktop.
Apache config - HTTPS Strict-Transport-Security (HSTS)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# HSTS (HTTPS Strict-Transport-Security) for 1 Year including Sub Domains | |
############################################################################## | |
# web server declare that web browsers should only interact with it | |
# using secure HTTPS connections, and never via the insecure HTTP protocol | |
############################################################################### | |
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains;" | |
# redirects the user to the page they were visiting over https | |
############################################################################### | |
<IfModule mod_rewrite.c> | |
RewriteEngine On | |
RewriteCond %{HTTPS} off | |
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301] | |
</IfModule> | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment