From 949a7f3e9400facb8920e3ccce5f53fd10138e06 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Mon, 15 Jun 2015 10:48:08 +0200 Subject: [PATCH 1/2] Add includeSubDomains + preload recommendation --- admin_manual/configuration_server/harden_server.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin_manual/configuration_server/harden_server.rst b/admin_manual/configuration_server/harden_server.rst index 940fecf3c..392717614 100644 --- a/admin_manual/configuration_server/harden_server.rst +++ b/admin_manual/configuration_server/harden_server.rst @@ -119,7 +119,7 @@ VirtualHost file: ServerName cloud.owncloud.com - Header always add Strict-Transport-Security "max-age=15768000" + Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" It shall be noted that this requires that the ``mod_headers`` extension to be installed. From 6de4952a6bac3122a04f12fbff88e473c61dc483 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Mon, 15 Jun 2015 10:50:58 +0200 Subject: [PATCH 2/2] Some more warnings --- admin_manual/configuration_server/harden_server.rst | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/admin_manual/configuration_server/harden_server.rst b/admin_manual/configuration_server/harden_server.rst index 392717614..a73c2c8c2 100644 --- a/admin_manual/configuration_server/harden_server.rst +++ b/admin_manual/configuration_server/harden_server.rst @@ -122,7 +122,12 @@ VirtualHost file: Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" -It shall be noted that this requires that the ``mod_headers`` extension to be installed. +Be aware that above policy will also apply for all subdomains, if you don't +have HTTPS properly configured on all subdomains you mut remove the ``includeSubdomains`` +part. + +Furthermore it shall be noted that this requires that the ``mod_headers`` +extension is installed. Proper SSL configuration ************************
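Review bot: The `preload` token added to the `Header always add Strict-Transport-Security` line is recommended unconditionally, although it behaves differently from the other two directives. It is not defined in RFC 6797; it only signals consent for the domain to be hard-coded into browser preload lists, and removal from those lists takes a long time to reach users. A generic VirtualHost example would be safer ending at `"max-age=15768000; includeSubDomains"`. `preload` could then be described in a separate sentence as an opt-in step for operators who have confirmed that every subdomain serves HTTPS and have checked the preload list's current submission requirements. The second patch in this series warns about `includeSubDomains` only, so this caveat is still missing.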
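Review bot: The new warning paragraph has a typo (`mut` for `must`) and spells the directive ``includeSubdomains``, while the example header above uses `includeSubDomains`. Matching the spelling helps a reader who searches the header line for the string to delete. Suggested wording: `Be aware that the above policy also applies to all subdomains; if HTTPS is not properly configured on every subdomain, you must remove the ``includeSubDomains`` part.` This paragraph is also the natural place to say that `preload` should be removed unless the domain is meant to be submitted to a browser preload list.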