Enable HTTP Strict Transport Security in Apache

-
While redirecting all traffic to HTTPS is good, it may not completely prevent man-in-the-middle attacks. Thus administrators are encouraged to set the HTTP Strict Transport Security header, which instructs browsers to not allow any connection to using HTTP, and it attempts to prevent site visitors from bypassing invalid certificate warnings.
This can be achieved by setting the following settings within the Apache VirtualHost file:
<VirtualHost *:443>
    ServerName example.com
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</VirtualHost>
This example configuration will make all subdomains only accessible via HTTPS. If you have subdomains not accessible via HTTPS, remove includeSubdomains;.
Note: Require mod_headers extension in Apache. Using a long max-age is 1 year

Comments

Post a Comment

Popular posts from this blog

Web Servers Load balancing with HAProxy

-
HAProxy is a free, very fast and reliable solution offering  high availability , load balancing , and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world’s most visited ones. See more at  http://haproxy.org This tuturial, I use hostname and ip as follows: 10.11.218.250 (haproxy) 10.11.218.251 (srv-web01) 10.11.218.252 (srv-web02) Installing HAProxy server #yum install haproxy [RedHat Systems] #apt-get install haproxy [Debian Systems] Configuring HAProxy Server Opening the main HAProxy configuration file ‘/etc/haproxy/haproxy.cfg’ and editing the following content: #---------------------------------------------------------------- # Global settings global # need to: # to have these messages end up in /var/log/haproxy.log you will # # by adding the '-r' option to the SYSLOGD_OPTIONS in # 1) configure syslog to accept network log events. This i
Read more

Redirect all unencrypted traffic to HTTPS in Apache

-
To redirect all HTTP traffic to HTTPS administrators are encouraged to issue a permanent redirect using the 301 status code. When using Apache this can be achieved by a setting such as the following in the Apache VirtualHosts config: <VirtualHost *:80> ServerName example.com Redirect permanent / https://example.com/ </VirtualHost>
Read more

Using nginx as http load balancer

-
Image
Load balancing across multiple application instances is a commonly used technique for optimizing resource utilization, maximizing throughput, reducing latency, and ensuring fault-tolerant configurations. Nginx is a very efficient HTTP load balancer to distribute traffic to several application servers and to improve performance, scalability and reliability of web applications. Nginx Load balancing methods The following load balancing mechanisms (or methods) are supported in nginx: round-robin least-connected ip-hash See detail at http://nginx.org/en/docs/http/load_balancing.html Initialization Nginx Load Banlancing In this tutorial I use any hostname and ip addresses as follows: srv-lb01 (10.11.218.250) (Nginx load balancer) srv-web01 (10.11.218.251) ( Web server) srv-web02 (10.11.218.252) ( Web server) srv-web03 (10.11.218.253) ( Web server) Note: pointing nginx.vn to 10.11.218.250 (Replace nginx.vn with your real site name) Default load balancing c
Read more