From a87d7b91cc95c8ac7aee327e4cf4d3ce564cdea1 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Mon, 6 Dec 2010 17:40:46 +0100
Subject: add STS header for enforced SSL sites

* http://en.wikipedia.org/wiki/Strict_Transport_Security

This will tell browsers to interact with that site only per HTTPS.
---
 templates/vhosts/redirect/redirect.erb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'templates/vhosts/redirect/redirect.erb')

diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb
index ba93c46..e1928b5 100644
--- a/templates/vhosts/redirect/redirect.erb
+++ b/templates/vhosts/redirect/redirect.erb
@@ -61,6 +61,10 @@
     CustomLog <%= logdir %>/access_log combined
     <%- end -%>
 
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    <%- end -%>
     Redirect permanent / https://<%= options %>
 
 </VirtualHost>
-- 
cgit v1.2.3