From a87d7b91cc95c8ac7aee327e4cf4d3ce564cdea1 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Mon, 6 Dec 2010 17:40:46 +0100
Subject: add STS header for enforced SSL sites

* http://en.wikipedia.org/wiki/Strict_Transport_Security

This will tell browsers to interact with that site only per HTTPS.
---
 templates/vhosts/proxy/proxy.erb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'templates/vhosts/proxy')

diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb
index 3251b7d..b007523 100644
--- a/templates/vhosts/proxy/proxy.erb
+++ b/templates/vhosts/proxy/proxy.erb
@@ -71,6 +71,10 @@
     CustomLog <%= logdir %>/access_log combined
     <%- end -%>
 
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     <Proxy *>
       Order deny,allow
       Allow from all
-- 
cgit v1.2.3