Setting HSTS options to "max-age=63072000; includeSubDomains; preload".

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-08 19:13:09 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-08 19:13:09 +0000
commit: f6cf6ed1194bef1a26cde2ec5648c5fa679b883b (patch)
tree: 7b1d125ab427662cb590c50a32f02442569b6f8d /debian
parent: Setting Content-Security-Policy to "default-src https: 'self'; style-src http... (diff)
download: apache2-f6cf6ed1194bef1a26cde2ec5648c5fa679b883b.tar.xz
apache2-f6cf6ed1194bef1a26cde2ec5648c5fa679b883b.zip
2 files changed, 8 insertions, 1 deletions
diff --git a/debian/apache2.postinst b/debian/apache2.postinst
index c9a0192..bc839f1 100644
--- a/debian/apache2.postinst
+++ b/debian/apache2.postinst
@@ -56,7 +56,7 @@ enable_default_conf()
 	if is_fresh_install $@ ; then
 		for conf in charset localized-error-pages other-vhosts-access-log \
 				security serve-cgi-bin \
-				csp ; do
+				csp hsts ; do
 			a2enconf -m -q $conf
 		done
 	fi
diff --git a/debian/config-dir/conf-available/hsts.conf b/debian/config-dir/conf-available/hsts.conf
new file mode 100644
index 0000000..baf11af
--- /dev/null
+++ b/debian/config-dir/conf-available/hsts.conf
@@ -0,0 +1,7 @@
+# /etc/apache2/conf-available/hsts.conf
+
+<IfModule mod_ssl.c>
+	<IfModule mod_headers.c>
+		Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+	</IfModule>
+</IfModule>
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-08 19:13:09 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-08 19:13:09 +0000
commit	f6cf6ed1194bef1a26cde2ec5648c5fa679b883b (patch)
tree	7b1d125ab427662cb590c50a32f02442569b6f8d /debian
parent	Setting Content-Security-Policy to "default-src https: 'self'; style-src http... (diff)
download	apache2-f6cf6ed1194bef1a26cde2ec5648c5fa679b883b.tar.xz apache2-f6cf6ed1194bef1a26cde2ec5648c5fa679b883b.zip