Thursday, November 6, 2014

Configuring HTTP Strict Transport Security on Apache

What is HSTS?

HSTS (HTTP Strict Transport Security) is a security feature that lets a web site tell browsers that it must only be reached over HTTPS, never over plain HTTP.

If a web site accepts a connection over HTTP and redirects to HTTPS, the user may initially talk to the unencrypted version of the site before being redirected to the encrypted one.
If, for example, the user types http://www.example.com/ or just example.com, the initial exchange happens over HTTP before the redirect to HTTPS.

This opens the door to a man-in-the-middle attack: an attacker positioned on that first plaintext exchange can tamper with the redirect and send the user to a malicious site instead of the secure version of the original page.

The HTTP Strict Transport Security feature lets a web site inform the browser that it should never load the site over HTTP, and should automatically convert every attempt to access the site over HTTP into an HTTPS request instead.

Configuring HSTS on an Apache server
1. Make sure the mod_headers module is loaded

LoadModule headers_module modules/mod_headers.so

2. Set the header so that every time a user visits the web site, the browser's HSTS expiry is set to 2 yrs and the policy is applied to all subdomains too

<VirtualHost 67.34.67.43:443>
    # 63072000 seconds = 2 years; includeSubDomains extends the policy to every subdomain
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</VirtualHost>

Set this header only in the HTTPS VirtualHost: browsers ignore a Strict-Transport-Security header received over plain HTTP, so sending it there has no effect.

3. Write a rewrite rule to redirect HTTP visitors to HTTPS.

<IfModule mod_rewrite.c>
  RewriteEngine On
  # Only rewrite requests that did not arrive over TLS
  RewriteCond %{HTTPS} off
  # Permanent redirect to the same host and path over HTTPS; L stops further rules
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

4. Restart the Apache server

# /etc/init.d/httpd restart

5. Confirm that the change took effect
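A script that makes step 5 repeatable, added here as an example and not part of the original post: it checks that the plain-HTTP response is a redirect to an https:// URL and that the HTTPS response carries a Strict-Transport-Security header with at least the two-year max-age and includeSubDomains from step 2. The host www.example.com and the sample responses are constructed assumptions.

```python
"""Check an HSTS rollout: HTTP must redirect to HTTPS, HTTPS must send HSTS."""
import http.client
import sys

TWO_YEARS = 63072000  # max-age used in the Apache config above
SAMPLE_HTTP = (301, {"Location": "https://www.example.com/"})  # constructed sample
SAMPLE_HTTPS = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains"}  # constructed

def parse_hsts(value):
    """Split a header value into {lowercase directive: value}."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            directives[name.lower()] = val.strip().strip('"')
    return directives

def check_hsts(headers, min_age=TWO_YEARS, want_subdomains=True):
    """Return a list of problems with the HSTS header (empty list = OK)."""
    headers = {k.lower(): v for k, v in headers.items()}
    value = headers.get("strict-transport-security")
    if value is None:
        return ["Strict-Transport-Security header missing"]
    d, problems = parse_hsts(value), []
    if not d.get("max-age", "").isdigit():
        problems.append("max-age missing or not numeric")
    elif int(d["max-age"]) < min_age:
        problems.append("max-age %s is below %d" % (d["max-age"], min_age))
    if want_subdomains and "includesubdomains" not in d:
        problems.append("includeSubDomains missing")
    return problems

def check_redirect(status, headers):
    """True if a plain-HTTP response is a redirect to an https:// URL."""
    headers = {k.lower(): v for k, v in headers.items()}
    location = headers.get("location", "").lower()
    return status in (301, 302, 307, 308) and location.startswith("https://")

def fetch(scheme, host):
    """GET / over the given scheme without following redirects."""
    cls = http.client.HTTPSConnection if scheme == "https" else http.client.HTTPConnection
    conn = cls(host, timeout=10)
    conn.request("GET", "/")
    resp = conn.getresponse()
    return resp.status, dict(resp.getheaders())

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"  # assumed host
    print("HTTP -> HTTPS redirect:", check_redirect(*fetch("http", host)))
    print("HSTS problems:", check_hsts(fetch("https", host)[1]) or "none")
```

Run it as `python3 check_hsts.py your.host.name`; an empty problem list and a True redirect mean both halves of the configuration are live.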
