add STS header for enforced SSL sites

* http://en.wikipedia.org/wiki/Strict_Transport_Security This will tell browsers to interact with that site only per HTTPS.
author: mh <mh@immerda.ch> 2010-12-06 17:40:46 +0100
committer: mh <mh@immerda.ch> 2010-12-06 17:40:46 +0100
commit: a87d7b91cc95c8ac7aee327e4cf4d3ce564cdea1 (patch)
tree: 7c97eba3a7610c8151ab9d8e048cad77f1dd7d06 /templates
parent: c8c3719c722c23dc5c4187eaf487947340a95478 (diff)
17 files changed, 112 insertions, 0 deletions
diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb
index 4beda07..0f72447 100644
--- a/templates/vhosts/gitweb/gitweb.erb
+++ b/templates/vhosts/gitweb/gitweb.erb
@@ -116,6 +116,10 @@
     AddDefaultCharset <%= default_charset %>
     <%- end -%>
 
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+    <%- end -%>
+
     SetEnv GITWEB_CONFIG <%= gitweb_config %>
     DirectoryIndex gitweb.cgi
     <%- if not ssl_mode.to_s == 'force' then -%>
diff --git a/templates/vhosts/passenger/passenger.erb b/templates/vhosts/passenger/passenger.erb
index fd9f555..33cf280 100644
--- a/templates/vhosts/passenger/passenger.erb
+++ b/templates/vhosts/passenger/passenger.erb
@@ -106,6 +106,10 @@
     <%- if default_charset.to_s != 'absent' then -%>
     AddDefaultCharset <%= default_charset %>
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+    <%- end -%>
+
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
         <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb
index b922637..5153925 100644
--- a/templates/vhosts/perl/perl.erb
+++ b/templates/vhosts/perl/perl.erb
@@ -131,6 +131,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
     <IfModule mpm_itk_module>
         AssignUserId <%= run_uid+" "+run_gid %>
@@ -338,6 +342,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- unless run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb
index 97e9b10..5f05b7b 100644
--- a/templates/vhosts/php/php.erb
+++ b/templates/vhosts/php/php.erb
@@ -140,6 +140,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
         <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
@@ -333,6 +337,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb
index dc40e8a..0fdef81 100644
--- a/templates/vhosts/php_drupal/php_drupal.erb
+++ b/templates/vhosts/php_drupal/php_drupal.erb
@@ -161,6 +161,10 @@
     </IfModule>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
         <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
@@ -395,6 +399,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb
index ee2275a..075db8c 100644
--- a/templates/vhosts/php_gallery2/php_gallery2.erb
+++ b/templates/vhosts/php_gallery2/php_gallery2.erb
@@ -148,6 +148,10 @@
     </IfModule>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
         <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
@@ -355,6 +359,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb
index 47da796..1cd17ba 100644
--- a/templates/vhosts/php_joomla/php_joomla.erb
+++ b/templates/vhosts/php_joomla/php_joomla.erb
@@ -163,6 +163,10 @@
     </IfModule>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <Directory "<%= documentroot %>/">
         Include include.d/joomla.inc
 
@@ -394,6 +398,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
         Include include.d/joomla.inc
diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb
index 170623f..2c9e1bd 100644
--- a/templates/vhosts/php_mediawiki/php_mediawiki.erb
+++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb
@@ -131,6 +131,10 @@
     </IfModule>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
         <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
@@ -311,6 +315,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb
index 580af05..2973d3e 100644
--- a/templates/vhosts/php_silverstripe/php_silverstripe.erb
+++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb
@@ -162,6 +162,10 @@
     </IfModule>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
         <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
@@ -395,6 +399,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb
index 37ac794..3b14edc 100644
--- a/templates/vhosts/php_simplemachine/php_simplemachine.erb
+++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb
@@ -134,6 +134,10 @@
     </IfModule>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
         <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
@@ -321,6 +325,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb
index da42d40..13c1199 100644
--- a/templates/vhosts/php_spip/php_spip.erb
+++ b/templates/vhosts/php_spip/php_spip.erb
@@ -140,6 +140,10 @@
     </IfModule>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
         <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
@@ -333,6 +337,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb
index 8195e41..c364927 100644
--- a/templates/vhosts/php_typo3/php_typo3.erb
+++ b/templates/vhosts/php_typo3/php_typo3.erb
@@ -46,6 +46,10 @@
     </IfModule>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if not ssl_mode.to_s == 'force' then -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
@@ -374,6 +378,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb
index f30ad91..c1003fe 100644
--- a/templates/vhosts/php_wordpress/php_wordpress.erb
+++ b/templates/vhosts/php_wordpress/php_wordpress.erb
@@ -136,6 +136,10 @@
     </IfModule>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
         <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
@@ -324,6 +328,10 @@
     AddDefaultCharset <%= default_charset %>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb
index 3251b7d..b007523 100644
--- a/templates/vhosts/proxy/proxy.erb
+++ b/templates/vhosts/proxy/proxy.erb
@@ -71,6 +71,10 @@
     CustomLog <%= logdir %>/access_log combined
     <%- end -%>
 
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <Proxy *>
       Order deny,allow
       Allow from all
diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb
index ba93c46..e1928b5 100644
--- a/templates/vhosts/redirect/redirect.erb
+++ b/templates/vhosts/redirect/redirect.erb
@@ -61,6 +61,10 @@
     CustomLog <%= logdir %>/access_log combined
     <%- end -%>
 
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     Redirect permanent / https://<%= options %>
 
 </VirtualHost>
diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb
index 18168c1..7eac5a9 100644
--- a/templates/vhosts/static/static.erb
+++ b/templates/vhosts/static/static.erb
@@ -106,6 +106,10 @@
     AddDefaultCharset <%= default_charset %>
     <%- end -%>
 
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <%- if options.to_s != 'absent' or htpasswd_file.to_s != 'absent' then -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb
index a4508b3..72b3e9a 100644
--- a/templates/vhosts/webdav/webdav.erb
+++ b/templates/vhosts/webdav/webdav.erb
@@ -140,6 +140,10 @@
     </IfModule>
 
     <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     DAVLockDB <%= real_dav_db_dir %>/DAVLock
     <Directory "<%= documentroot %>/">
         Dav on
author	mh <mh@immerda.ch>	2010-12-06 17:40:46 +0100
committer	mh <mh@immerda.ch>	2010-12-06 17:40:46 +0100
commit	a87d7b91cc95c8ac7aee327e4cf4d3ce564cdea1 (patch)
tree	7c97eba3a7610c8151ab9d8e048cad77f1dd7d06 /templates
parent	c8c3719c722c23dc5c4187eaf487947340a95478 (diff)