Configure Apache to send HSTS header only in virtual hosts using HTTPS

Question

Configure Apache to send HSTS header only in virtual hosts using HTTPS

We have an Apache 2.4 server that runs numerous virtual hosts, some of which use http and some of which use https. I would like to send the same HSTS (Strict-Transport-Security) header only in those virtual hosts that use https.

I realize I could add the Header command individually to each virtual hosts, but I would rather set it once in the Apache global config section. Is it possible to set it in the global config so that only the https virtual hosts send it?

0

apache-2.4 hsts

задан user35042 8 June 2017 в 22:21

Ссылка

1 ответ

Похожие вопросы

score 1 · Answer 1 · 4 December 2019 в 16:14

Вы можете попробовать использовать выражение if.

http://httpd.apache.org/docs/2.4/mod/core.html#if

http: // httpd.apache.org/docs/2.4/expr.html[1234ptingFor example, untested

# Проверить заголовок HTTP на наличие списка значений <Если "% {HTTPS} == 'on' &&% {HTTP_HOST} == 'ssl.example.com'"> Заголовочный набор HSTS ...

Configure Apache to send HSTS header only in virtual hosts using HTTPS

Теги

Похожие вопросы