From: Thomas Dalichow Date: Wed, 4 Jul 2018 14:21:28 +0000 (+0200) Subject: fbb-www - enable HSTS headers X-Git-Tag: v0.1.0~634 X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=96ee18c02ac98f6f6a3b0007f5d578d2d304db1a;p=pixelpark%2Fhiera.git fbb-www - enable HSTS headers --- diff --git a/customer/fbb-www/production.yaml b/customer/fbb-www/production.yaml index 4e485ed5..d04ad0dd 100644 --- a/customer/fbb-www/production.yaml +++ b/customer/fbb-www/production.yaml @@ -290,6 +290,7 @@ infra::profile::apache::pp_vhosts: - 'HTTPS on X-Forwarded-Proto=https' - 'HTTPS on HTTPS=on' headers: + - 'set Strict-Transport-Security: max-age=31536000 env=HTTPS' - 'set X-Content-Type-Options: nosniff' - 'set X-XSS-Protection: "1; mode=block"' - 'set X-Frame-Options: DENY' @@ -327,6 +328,7 @@ infra::profile::apache::pp_vhosts: - 'HTTPS on X-Forwarded-Proto=https' - 'HTTPS on HTTPS=on' headers: + - 'set Strict-Transport-Security: max-age=31536000 env=HTTPS' - 'set X-Content-Type-Options: nosniff' - 'set X-XSS-Protection: "1; mode=block"' - 'set X-Frame-Options: DENY' @@ -366,6 +368,7 @@ infra::profile::apache::pp_vhosts: - 'HTTPS on X-Forwarded-Proto=https' - 'HTTPS on HTTPS=on' headers: + - 'set Strict-Transport-Security: max-age=31536000 env=HTTPS' - 'set X-Content-Type-Options: nosniff' - 'set X-XSS-Protection: "1; mode=block"' - 'set X-Frame-Options: DENY' @@ -730,6 +733,7 @@ infra::profile::apache::pp_vhosts: - 'HTTPS on X-Forwarded-Proto=https' - 'HTTPS on HTTPS=on' headers: + - 'set Strict-Transport-Security: max-age=31536000 env=HTTPS' - 'set X-Content-Type-Options: nosniff' - 'set X-XSS-Protection: "1; mode=block"' - 'set X-Frame-Options: DENY' @@ -809,6 +813,7 @@ infra::profile::apache::pp_vhosts: - 'Remote_Addr "172\.18\.49\.24" AdslZugriffErlaubt' - 'Remote_Addr "10\.99\.1\.10" AdslZugriffErlaubt' headers: + - 'set Strict-Transport-Security: max-age=31536000 env=HTTPS' - 'set X-Content-Type-Options: nosniff' - 'set X-XSS-Protection: "1; mode=block"' - 'set X-Frame-Options: DENY'