diff options
author | mh <mh@immerda.ch> | 2010-12-06 17:40:46 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2010-12-06 17:40:46 +0100 |
commit | a87d7b91cc95c8ac7aee327e4cf4d3ce564cdea1 (patch) | |
tree | 7c97eba3a7610c8151ab9d8e048cad77f1dd7d06 /templates | |
parent | c8c3719c722c23dc5c4187eaf487947340a95478 (diff) |
add STS header for enforced SSL sites
* http://en.wikipedia.org/wiki/Strict_Transport_Security
This will tell browsers to interact with that site only per HTTPS.
Diffstat (limited to 'templates')
-rw-r--r-- | templates/vhosts/gitweb/gitweb.erb | 4 | ||||
-rw-r--r-- | templates/vhosts/passenger/passenger.erb | 4 | ||||
-rw-r--r-- | templates/vhosts/perl/perl.erb | 8 | ||||
-rw-r--r-- | templates/vhosts/php/php.erb | 8 | ||||
-rw-r--r-- | templates/vhosts/php_drupal/php_drupal.erb | 8 | ||||
-rw-r--r-- | templates/vhosts/php_gallery2/php_gallery2.erb | 8 | ||||
-rw-r--r-- | templates/vhosts/php_joomla/php_joomla.erb | 8 | ||||
-rw-r--r-- | templates/vhosts/php_mediawiki/php_mediawiki.erb | 8 | ||||
-rw-r--r-- | templates/vhosts/php_silverstripe/php_silverstripe.erb | 8 | ||||
-rw-r--r-- | templates/vhosts/php_simplemachine/php_simplemachine.erb | 8 | ||||
-rw-r--r-- | templates/vhosts/php_spip/php_spip.erb | 8 | ||||
-rw-r--r-- | templates/vhosts/php_typo3/php_typo3.erb | 8 | ||||
-rw-r--r-- | templates/vhosts/php_wordpress/php_wordpress.erb | 8 | ||||
-rw-r--r-- | templates/vhosts/proxy/proxy.erb | 4 | ||||
-rw-r--r-- | templates/vhosts/redirect/redirect.erb | 4 | ||||
-rw-r--r-- | templates/vhosts/static/static.erb | 4 | ||||
-rw-r--r-- | templates/vhosts/webdav/webdav.erb | 4 |
17 files changed, 112 insertions, 0 deletions
diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index 4beda07..0f72447 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -116,6 +116,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> + SetEnv GITWEB_CONFIG <%= gitweb_config %> DirectoryIndex gitweb.cgi <%- if not ssl_mode.to_s == 'force' then -%> diff --git a/templates/vhosts/passenger/passenger.erb b/templates/vhosts/passenger/passenger.erb index fd9f555..33cf280 100644 --- a/templates/vhosts/passenger/passenger.erb +++ b/templates/vhosts/passenger/passenger.erb @@ -106,6 +106,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> + <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index b922637..5153925 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -131,6 +131,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> <IfModule mpm_itk_module> AssignUserId <%= run_uid+" "+run_gid %> @@ -338,6 +342,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- unless run_mode.to_s == 'static-itk' -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index 97e9b10..5f05b7b 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -140,6 +140,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -333,6 +337,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index dc40e8a..0fdef81 100644 --- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -161,6 +161,10 @@ </IfModule> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -395,6 +399,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index ee2275a..075db8c 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -148,6 +148,10 @@ </IfModule> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -355,6 +359,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 47da796..1cd17ba 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -163,6 +163,10 @@ </IfModule> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <Directory "<%= documentroot %>/"> Include include.d/joomla.inc @@ -394,6 +398,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> <Directory "<%= documentroot %>/"> Include include.d/joomla.inc diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index 170623f..2c9e1bd 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -131,6 +131,10 @@ </IfModule> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -311,6 +315,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index 580af05..2973d3e 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -162,6 +162,10 @@ </IfModule> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -395,6 +399,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index 37ac794..3b14edc 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -134,6 +134,10 @@ </IfModule> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -321,6 +325,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index da42d40..13c1199 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -140,6 +140,10 @@ </IfModule> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -333,6 +337,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index 8195e41..c364927 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -46,6 +46,10 @@ </IfModule> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> @@ -374,6 +378,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index f30ad91..c1003fe 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -136,6 +136,10 @@ </IfModule> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> @@ -324,6 +328,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index 3251b7d..b007523 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -71,6 +71,10 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <Proxy *> Order deny,allow Allow from all diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb index ba93c46..e1928b5 100644 --- a/templates/vhosts/redirect/redirect.erb +++ b/templates/vhosts/redirect/redirect.erb @@ -61,6 +61,10 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> Redirect permanent / https://<%= options %> </VirtualHost> diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index 18168c1..7eac5a9 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -106,6 +106,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if options.to_s != 'absent' or htpasswd_file.to_s != 'absent' then -%> <Directory "<%= documentroot %>/"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index a4508b3..72b3e9a 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -140,6 +140,10 @@ </IfModule> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> DAVLockDB <%= real_dav_db_dir %>/DAVLock <Directory "<%= documentroot %>/"> Dav on |