From a87d7b91cc95c8ac7aee327e4cf4d3ce564cdea1 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 6 Dec 2010 17:40:46 +0100 Subject: add STS header for enforced SSL sites * http://en.wikipedia.org/wiki/Strict_Transport_Security This will tell browsers to interact with that site only per HTTPS. --- templates/vhosts/gitweb/gitweb.erb | 4 ++++ templates/vhosts/passenger/passenger.erb | 4 ++++ templates/vhosts/perl/perl.erb | 8 ++++++++ templates/vhosts/php/php.erb | 8 ++++++++ templates/vhosts/php_drupal/php_drupal.erb | 8 ++++++++ templates/vhosts/php_gallery2/php_gallery2.erb | 8 ++++++++ templates/vhosts/php_joomla/php_joomla.erb | 8 ++++++++ templates/vhosts/php_mediawiki/php_mediawiki.erb | 8 ++++++++ templates/vhosts/php_silverstripe/php_silverstripe.erb | 8 ++++++++ templates/vhosts/php_simplemachine/php_simplemachine.erb | 8 ++++++++ templates/vhosts/php_spip/php_spip.erb | 8 ++++++++ templates/vhosts/php_typo3/php_typo3.erb | 8 ++++++++ templates/vhosts/php_wordpress/php_wordpress.erb | 8 ++++++++ templates/vhosts/proxy/proxy.erb | 4 ++++ templates/vhosts/redirect/redirect.erb | 4 ++++ templates/vhosts/static/static.erb | 4 ++++ templates/vhosts/webdav/webdav.erb | 4 ++++ 17 files changed, 112 insertions(+) (limited to 'templates') diff --git a/templates/vhosts/gitweb/gitweb.erb b/templates/vhosts/gitweb/gitweb.erb index 4beda07..0f72447 100644 --- a/templates/vhosts/gitweb/gitweb.erb +++ b/templates/vhosts/gitweb/gitweb.erb @@ -116,6 +116,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> + SetEnv GITWEB_CONFIG <%= gitweb_config %> DirectoryIndex gitweb.cgi <%- if not ssl_mode.to_s == 'force' then -%> diff --git a/templates/vhosts/passenger/passenger.erb b/templates/vhosts/passenger/passenger.erb index fd9f555..33cf280 100644 --- a/templates/vhosts/passenger/passenger.erb +++ b/templates/vhosts/passenger/passenger.erb 
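Review bot: `Header add` in the gitweb.erb hunk appends a field instead of replacing one, so if the application or an included snippet already emits Strict-Transport-Security the response carries two copies, and clients are only expected to honour the first. `Header set Strict-Transport-Security "max-age=15768000"` keeps it to a single field. The same added line appears in every other hunk of this patch (passenger, perl, php and the php_* templates, proxy, redirect, static, webdav), so the change applies there as well. The directive also depends on mod_headers being loaded; no guard for that is visible in these lines, though the surrounding markup is not fully shown here.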
@@ -106,6 +106,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> + /"> AllowOverride <%= allow_override %> <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%> diff --git a/templates/vhosts/perl/perl.erb b/templates/vhosts/perl/perl.erb index b922637..5153925 100644 --- a/templates/vhosts/perl/perl.erb +++ b/templates/vhosts/perl/perl.erb @@ -130,6 +130,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%> @@ -337,6 +341,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- unless run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php/php.erb b/templates/vhosts/php/php.erb index 97e9b10..5f05b7b 100644 --- a/templates/vhosts/php/php.erb +++ b/templates/vhosts/php/php.erb @@ -139,6 +139,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -332,6 +336,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_drupal/php_drupal.erb b/templates/vhosts/php_drupal/php_drupal.erb index dc40e8a..0fdef81 100644 
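Review bot: In perl.erb the header is added twice (around lines 130 and 341), which looks like one copy per vhost block; if the first block is the plain-HTTP vhost, that copy has no effect, because browsers ignore Strict-Transport-Security received over an insecure connection. Only the copy inside the SSL vhost does any work, so the HTTP-side one could be dropped to keep the template clear about where the policy is actually delivered. The same pairing shows up in php.erb and in the php_drupal, php_gallery2, php_joomla, php_mediawiki, php_silverstripe, php_simplemachine, php_spip, php_typo3 and php_wordpress templates; in php_typo3 the first copy sits directly above `<%- if not ssl_mode.to_s == 'force' then -%>`, which supports that reading. Which vhost each hunk lands in cannot be seen from the hunks themselves, so this should be checked against the full templates.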
--- a/templates/vhosts/php_drupal/php_drupal.erb +++ b/templates/vhosts/php_drupal/php_drupal.erb @@ -160,6 +160,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -394,6 +398,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_gallery2/php_gallery2.erb b/templates/vhosts/php_gallery2/php_gallery2.erb index ee2275a..075db8c 100644 --- a/templates/vhosts/php_gallery2/php_gallery2.erb +++ b/templates/vhosts/php_gallery2/php_gallery2.erb @@ -147,6 +147,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -354,6 +358,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_joomla/php_joomla.erb b/templates/vhosts/php_joomla/php_joomla.erb index 47da796..1cd17ba 100644 --- a/templates/vhosts/php_joomla/php_joomla.erb +++ b/templates/vhosts/php_joomla/php_joomla.erb @@ -162,6 +162,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> Include include.d/joomla.inc 
@@ -393,6 +397,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_mediawiki/php_mediawiki.erb b/templates/vhosts/php_mediawiki/php_mediawiki.erb index 170623f..2c9e1bd 100644 --- a/templates/vhosts/php_mediawiki/php_mediawiki.erb +++ b/templates/vhosts/php_mediawiki/php_mediawiki.erb @@ -130,6 +130,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -310,6 +314,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_silverstripe/php_silverstripe.erb b/templates/vhosts/php_silverstripe/php_silverstripe.erb index 580af05..2973d3e 100644 --- a/templates/vhosts/php_silverstripe/php_silverstripe.erb +++ b/templates/vhosts/php_silverstripe/php_silverstripe.erb @@ -161,6 +161,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -394,6 +398,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> 
diff --git a/templates/vhosts/php_simplemachine/php_simplemachine.erb b/templates/vhosts/php_simplemachine/php_simplemachine.erb index 37ac794..3b14edc 100644 --- a/templates/vhosts/php_simplemachine/php_simplemachine.erb +++ b/templates/vhosts/php_simplemachine/php_simplemachine.erb @@ -133,6 +133,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -320,6 +324,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_spip/php_spip.erb b/templates/vhosts/php_spip/php_spip.erb index da42d40..13c1199 100644 --- a/templates/vhosts/php_spip/php_spip.erb +++ b/templates/vhosts/php_spip/php_spip.erb @@ -139,6 +139,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -332,6 +336,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_typo3/php_typo3.erb b/templates/vhosts/php_typo3/php_typo3.erb index 8195e41..c364927 100644 --- a/templates/vhosts/php_typo3/php_typo3.erb +++ b/templates/vhosts/php_typo3/php_typo3.erb @@ -45,6 +45,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if not ssl_mode.to_s == 'force' then -%> /"> 
@@ -373,6 +377,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/php_wordpress/php_wordpress.erb b/templates/vhosts/php_wordpress/php_wordpress.erb index f30ad91..c1003fe 100644 --- a/templates/vhosts/php_wordpress/php_wordpress.erb +++ b/templates/vhosts/php_wordpress/php_wordpress.erb @@ -135,6 +135,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> /"> AllowOverride <%= allow_override %> @@ -323,6 +327,10 @@ <%- if default_charset.to_s != 'absent' then -%> AddDefaultCharset <%= default_charset %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> <%- if run_mode.to_s == 'static-itk' -%> /"> diff --git a/templates/vhosts/proxy/proxy.erb b/templates/vhosts/proxy/proxy.erb index 3251b7d..b007523 100644 --- a/templates/vhosts/proxy/proxy.erb +++ b/templates/vhosts/proxy/proxy.erb @@ -71,6 +71,10 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> Order deny,allow Allow from all diff --git a/templates/vhosts/redirect/redirect.erb b/templates/vhosts/redirect/redirect.erb index ba93c46..e1928b5 100644 --- a/templates/vhosts/redirect/redirect.erb +++ b/templates/vhosts/redirect/redirect.erb @@ -61,6 +61,10 @@ CustomLog <%= logdir %>/access_log combined <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> Redirect permanent / https://<%= options %> 
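Review bot: In redirect.erb the vhost answers with `Redirect permanent / https://<%= options %>`, and a `Header` directive without the `always` condition is not applied to redirects that Apache generates itself, so the 301 responses this vhost serves would most likely go out without the HSTS header. `Header always set Strict-Transport-Security "max-age=15768000"` covers locally generated redirects and error responses as well. The same gap applies to error pages in the other templates of this patch. The vhost block this hunk sits in starts and ends outside the hunk.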
diff --git a/templates/vhosts/static/static.erb b/templates/vhosts/static/static.erb index 18168c1..7eac5a9 100644 --- a/templates/vhosts/static/static.erb +++ b/templates/vhosts/static/static.erb @@ -106,6 +106,10 @@ AddDefaultCharset <%= default_charset %> <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + + <%- end -%> <%- if options.to_s != 'absent' or htpasswd_file.to_s != 'absent' then -%> /"> AllowOverride <%= allow_override %> diff --git a/templates/vhosts/webdav/webdav.erb b/templates/vhosts/webdav/webdav.erb index a4508b3..72b3e9a 100644 --- a/templates/vhosts/webdav/webdav.erb +++ b/templates/vhosts/webdav/webdav.erb @@ -139,6 +139,10 @@ AssignUserId <%= run_uid+" "+run_gid %> + <%- end -%> + <%- if ssl_mode.to_s == 'force' then -%> + Header add Strict-Transport-Security "max-age=15768000" + <%- end -%> DAVLockDB <%= real_dav_db_dir %>/DAVLock /"> -- cgit v1.2.3
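Review bot: The policy lifetime is written as the literal `max-age=15768000` in webdav.erb and in every other template this patch touches, so changing the lifetime or adding `includeSubDomains` later means editing 17 files in step. A template variable with that value as its default, for example `Header add Strict-Transport-Security "max-age=<%= hsts_max_age %>"` (the variable name is a placeholder), or a shared include for the three-line block, would keep the copies from drifting apart. A short template comment saying that 15768000 seconds is roughly six months would also help the next reader.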