Last active
August 4, 2018 19:47
HSTS with Apache
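<IfModule mod_headers.c>
  # HSTS (Strict-Transport-Security) tells browsers to reach this host over
  # HTTPS only, for max-age seconds after they last saw the header.
  # NOTE: because these directives sit inside <IfModule>, the header is
  # silently omitted when mod_headers is not loaded. Confirm it is present on
  # a real HTTPS response after deploying.

  # Remove any previously set header from the 'onsuccess' table.
  Header unset Strict-Transport-Security

  # Set the header in the 'always' table for HTTPS requests, replacing any previous header.
  # The 'always' table is also applied to error and redirect responses.
  # env=HTTPS tests the HTTPS environment variable, which mod_ssl sets for
  # TLS requests. NOTE(review): if TLS is terminated on a proxy in front of
  # Apache, that variable is presumably unset and the header will never be
  # sent; confirm against the deployment.
  # max-age=31536000 is one year. includeSubdomains extends the policy to
  # every subdomain, so all of them must serve valid HTTPS before enabling it.
  Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains" env=HTTPS

  # For HTTP requests, the header should not be sent.
  Header always unset Strict-Transport-Security env=!HTTPS
</IfModule>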
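<IfModule mod_rewrite.c>
  # Plain-HTTP requests get no HSTS header; instead, send a 301 redirect to
  # the same host and path over HTTPS.
  # NOTE: HSTS only takes effect once a browser has received the header over
  # HTTPS, so a first visit over HTTP still depends on this redirect.
  RewriteEngine On

  # Match only requests that did not arrive over TLS.
  # NOTE(review): if TLS is terminated on a proxy in front of Apache, %{HTTPS}
  # is presumably always "off" here and this rule would redirect in a loop;
  # confirm against the deployment.
  RewriteCond %{HTTPS} off

  # %{HTTP_HOST} is taken from the client's Host header, so the Location
  # value reflects client-supplied input. Where the site has a single
  # canonical hostname, writing it literally in the target is the safer
  # choice, and any cache in front of Apache should not store this redirect
  # under a key that ignores the Host header.
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>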