Search results

  1. J

    force redirect is not secure yet for HSTS

    ------------------ We agree that this force redirect is a design issue in control panels. I do not want my own code if GUI DirectAdmin 'guarantees' a way to do the same. Security headers, like HSTS, in a web browser only work with the first domain name via HTTPS. So the design by DirectAdmin...
  2. J

    force redirect is not secure yet for HSTS

    Thanks for your workarounds and new insights. The problem is not purely HSTS related. The rewrite to HTTPS, I think, works correctly in DirectAdmin, before security headers are reached in .htaccess, httpd (or nginx directive). I have understood from internet.nl that security headers in a web...
  3. J

    force redirect is not secure yet for HSTS

    The recent functionality in DirectAdmin to force redirect to subdomain www. or without, is still unstable. According to mail exchange with internet.nl: - The HSTS header is detected at the first contact over HTTPS. - When redirecting to another subdomain, the HSTS header must therefore be...
  4. J

    force redirect is not secure yet for HSTS

    Force redirect to the www subdomain or without www can be chosen. Documented on https://www.directadmin.com/features.php?id=2365 Why is coding in Direct Admin not yet sufficient for HSTS and security headers on internet.nl? I think the coding must be in two steps in order to be secure. Note...
Top