Enable HSTS

Tazmanian79

Hello,

I'm using a VPS server with DirectAdmin 1.512 and Apache 2.

Some time ago I set up a certificate for one website. Everything is fine.
But I would like to enable HSTS. I found some information on this forum, but none of it is really clear to me.

Is there someone who can provide me with a step-by-step guide to enable HSTS for one domain (which also has 1 alias domain)?

Thanks!
 
It's pretty simple. Just put a .htaccess file in the public_html folder of the domain with the following code:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

The first three lines are the redirect from HTTP to HTTPS and the last line is the HSTS header.
 
I managed to edit the Virtual Host file (it is 'cleaner' than in the .htaccess file)

<VirtualHost IP:80>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>

</VirtualHost>

<VirtualHost IP:443>

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

</VirtualHost>
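
To check what either configuration in this thread actually sends, the header value can be parsed and audited offline. This is an added example, not part of the thread: the function names `parse_hsts` and `audit_hsts` are hypothetical, the parsing follows RFC 6797 section 6.1, and the thresholds are the submission requirements published at hstspreload.org.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the minimum the preload list accepts

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1).

    Returns a dict of lower-cased directive names to values (None when the
    directive carries no value). Raises ValueError on malformed input.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the RFC grammar allows empty directives (stray ';')
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip().strip('"') if sep else None
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val
    if not re.fullmatch(r"\d+", directives.get("max-age") or ""):
        raise ValueError("max-age is required and must be a non-negative integer")
    return directives

def audit_hsts(value):
    """Return findings for one header value; an empty list means preload-ready."""
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid header: {exc}"]
    findings = []
    age = int(d["max-age"])
    if age == 0:
        findings.append("max-age=0 tells browsers to forget the HSTS policy")
    elif age < PRELOAD_MIN_AGE:
        findings.append(f"max-age {age} is below the preload minimum {PRELOAD_MIN_AGE}")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing: policy does not cover subdomains")
    if "preload" not in d:
        findings.append("preload missing: not eligible for the browser preload list")
    return findings

if __name__ == "__main__":
    # The two values from the thread, then constructed weaker variants.
    for v in ('max-age=31536000; includeSubDomains; preload',
              'max-age=63072000; includeSubDomains; preload',
              'max-age=300', 'includeSubDomains'):
        print(repr(v), "->", audit_hsts(v) or "ok")
```

Paste in the value from the `Strict-Transport-Security` line of `curl -sI` output for the HTTPS site. Because both configurations send `includeSubDomains`, every subdomain of the domain has to serve valid HTTPS before the header is enabled.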
 