Neograph734
Verified User
- Joined
- Sep 17, 2014
- Messages
- 18
In my attempt to roll out HSTS for all clients, I have been searching around and found a lot of customizations in the vhosts templates. Though I have no doubt that will work, I also came across the HSTS header: HTTP Strict Transport Security feature that was added with DA 1.49.
When reading the feature page it is not entirely clear if this is supposed to work for clients, or only for the 2222 pages. Also the Release Candidate post was not clear to me; All traffic to the control panel, or also individual domains?
So eventually I just tried it by adding 'hsts=5184000' to directadmin.conf, ran './build rewrite_confs' (not documented, but I assumed it would make sense to rewrite the vhosts), but no avail. Nor my client's sites, nor the example.com:2222 page shows the HSTS header.
What is 'hsts=5184000' supposed to do?
When reading the feature page it is not entirely clear if this is supposed to work for clients, or only for the 2222 pages. Also the Release Candidate post was not clear to me; All traffic to the control panel, or also individual domains?
HSTS Header - ability to redirect all http traffic to https before any client connection (careful: affects apache with same host).
So eventually I just tried it by adding 'hsts=5184000' to directadmin.conf, ran './build rewrite_confs' (not documented, but I assumed it would make sense to rewrite the vhosts), but no avail. Nor my client's sites, nor the example.com:2222 page shows the HSTS header.
What is 'hsts=5184000' supposed to do?