R.W
Reputation: 560
HTTP Strict Transport Security on openshift
How do I enable HTTP Strict Transport Security on openshift portal? I am working on a php application and not very sure where to make this setting. I believe I need access to Apache configuration file to achieve this - which I don't think openshift allows.
Upvotes: 4
Views: 1756
Answers (1)
luciddreamz
Reputation: 2093
Just create an .htaccess file and add the HSTS header there.
# Force https
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
# Add HSTS header
Header set Strict-Transport-Security "max-age=31536000"
Upvotes: 5
Related Questions
- HSTS preload Meaning
- Set Strict-Transport-Security header for API
- Openshift: create passthrough secure route
- Openshift: Change the https to http
- Openshift 3.11 header based routing
- Add Strict-Transport-Security header to all HTTPS responses?
- security headers Strict-Transport-Security available for http?
- Why does RFC 6797 forbid sending of the Strict-Transport-Security header over plain HTTP responses?
- Headers for security
- Prevent https on Openshift