add STS header for enforced SSL sites

* http://en.wikipedia.org/wiki/Strict_Transport_Security This will tell browsers to interact with that site only per HTTPS.
author: mh <mh@immerda.ch> 2010-12-06 17:40:46 +0100
committer: mh <mh@immerda.ch> 2010-12-06 17:40:46 +0100
commit: a87d7b91cc95c8ac7aee327e4cf4d3ce564cdea1 (patch)
tree: 7c97eba3a7610c8151ab9d8e048cad77f1dd7d06 /templates/vhosts/php_silverstripe
parent: c8c3719c722c23dc5c4187eaf487947340a95478 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb
index 580af05..2973d3e 100644
--- a/templates/vhosts/php_silverstripe/php_silverstripe.erb
+++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb
@@ -162,6 +162,10 @@
     </IfModule>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
         <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
@@ -395,6 +399,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
author	mh <mh@immerda.ch>	2010-12-06 17:40:46 +0100
committer	mh <mh@immerda.ch>	2010-12-06 17:40:46 +0100
commit	a87d7b91cc95c8ac7aee327e4cf4d3ce564cdea1 (patch)
tree	7c97eba3a7610c8151ab9d8e048cad77f1dd7d06 /templates/vhosts/php_silverstripe
parent	c8c3719c722c23dc5c4187eaf487947340a95478 (diff)