From a87d7b91cc95c8ac7aee327e4cf4d3ce564cdea1 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Mon, 6 Dec 2010 17:40:46 +0100
Subject: add STS header for enforced SSL sites

* http://en.wikipedia.org/wiki/Strict_Transport_Security

This will tell browsers to interact with that site only per HTTPS.
---
 templates/vhosts/php_wordpress/php_wordpress.erb | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'templates/vhosts/php_wordpress/php_wordpress.erb')

diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb
index f30ad91..c1003fe 100644
--- a/templates/vhosts/php_wordpress/php_wordpress.erb
+++ b/templates/vhosts/php_wordpress/php_wordpress.erb
@@ -135,6 +135,10 @@
         AssignUserId <%= run_uid+" "+run_gid %>
     </IfModule>
 
+    <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
     <%- end -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
@@ -323,6 +327,10 @@
     <%- if default_charset.to_s != 'absent' then -%>
     AddDefaultCharset <%= default_charset %>
 
+    <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
     <%- end -%>
     <%- if run_mode.to_s == 'static-itk' -%>
     <Directory "<%= documentroot %>/">
-- 
cgit v1.2.3