HSTS, or HTTP Strict Transport Security, provides an extra layer of security for HTTPS (SSL/TLS) traffic by preventing the connection from being downgraded to HTTP, which is not encrypted.
HSTS can be enabled in Apache by enabling the headers module and adding a specific header to the site configuration.
Enable the headers module for Apache.

```
$ sudo a2enmod headers    # Ubuntu, Debian and SUSE variants
Enabling module headers.
To activate the new configuration, you need to run:
  systemctl restart apache2
```

Distributions with a2enmod support can simply run the command above without having to manually enable the required modules. CentOS and Red Hat enable the module by default, so no manual action is required there.

| Options | Debian, Ubuntu | openSUSE and SLES | Fedora Core, CentOS, RHEL | macOS | homebrew | xampp |
|---|---|---|---|---|---|---|
| a2enmod support | yes | yes | no | no | no | no |
| Modules to install | none | none | none | none | none | none |
| Module name | n/a | headers | headers | headers | headers | headers |
| LoadModule directive | n/a | `LoadModule headers_module <module_locations>/mod_headers.so` | `LoadModule headers_module <module_locations>/mod_headers.so` | `LoadModule headers_module <module_locations>/mod_headers.so` | `LoadModule headers_module <module_locations>/mod_headers.so` | `LoadModule headers_module <module_locations>/mod_headers.so` |
Add the Header directive to the virtual server configuration.

```
<VirtualHost *:443>
    # .....
    # ....
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</VirtualHost>
```
Restart the Apache service for the changes to take effect.

```
$ sudo systemctl restart apache2    # Ubuntu and Debian
$ sudo systemctl restart httpd      # CentOS and Red Hat
```
Verify that the header is being sent with curl.

```
$ curl --head https://www.facebook.com
HTTP/2 200
set-cookie: fr=1kSvv492E5q1inyhV..BeSNo2.VF.AAA.0.0.BeSNo2.AWXv6Ptp; expires=Sat, 16-May-2020 05:59:17 GMT; Max-Age=7775999; path=/; domain=.facebook.com; secure; httponly
set-cookie: sb=NtpIXuU2eriH34nD6VfGz_em; expires=Tue, 15-Feb-2022 05:59:18 GMT; Max-Age=63072000; path=/; domain=.facebook.com; secure; httponly
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: text/html; charset="utf-8"
x-fb-debug: vMujBKiilKcPMV/+nHPJ1hc1edb5y08fSxdhwLel5lsiXHrqfWR9JNW1FX9y7lFivSJF+rhA6HOM77cSFuODaw==
date: Sun, 16 Feb 2020 05:59:18 GMT
alt-svc: h3-24=":443"; ma=3600
date: Sun, 16 Feb 2020 05:59:18 GMT
```
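Seeing the header in the curl output is not the same as having a sound policy. The following Python script is an added example, not part of this guide: it extracts the Strict-Transport-Security value from raw response headers (a constructed sample is embedded), parses its directives, and flags a max-age below the guide's 15552000 seconds, a missing includeSubDomains, and a preload flag whose preload-list preconditions (max-age of at least 31536000 and includeSubDomains) are not met.

```python
import re
from typing import Dict, List, Optional

# Constructed sample, shaped like the trimmed output of `curl --head`
SAMPLE_HEADERS = """HTTP/2 200
cache-control: private, no-cache, no-store, must-revalidate
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
"""

def find_hsts(raw_headers: str) -> Optional[str]:
    """Return the Strict-Transport-Security value from raw response headers."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            return value.strip()
    return None

def parse_hsts(value: str) -> Optional[Dict[str, object]]:
    """Parse the directive list; max-age is mandatory, the flags are optional."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        directive = directive.strip().lower()
        match = re.fullmatch(r'max-age="?(\d+)"?', directive)
        if match:
            policy["max_age"] = int(match.group(1))
        elif directive == "includesubdomains":
            policy["include_subdomains"] = True
        elif directive == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None

def check_hsts(raw_headers: str, min_age: int = 15552000) -> List[str]:
    """Return findings for the HSTS policy; an empty list means it looks sound."""
    value = find_hsts(raw_headers)
    if value is None:
        return ["Strict-Transport-Security header is missing"]
    policy = parse_hsts(value)
    if policy is None:
        return ["Strict-Transport-Security header has no max-age directive"]
    findings = []
    if policy["max_age"] < min_age:
        findings.append(f"max-age {policy['max_age']} is below {min_age}")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains is not set, so subdomains stay downgradeable")
    if policy["preload"] and (policy["max_age"] < 31536000 or not policy["include_subdomains"]):
        findings.append("preload is set but the preload list requires max-age>=31536000 and includeSubDomains")
    return findings
```

Running `check_hsts(SAMPLE_HEADERS)` on the embedded sample reports two findings: includeSubDomains is absent and preload is set without meeting the preload-list requirements.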
Guide compatibility:

| Operating System |
|---|
| Ubuntu 16.04 LTS (Xenial Xerus) |
| Ubuntu 16.10 (Yakkety Yak) |
| Ubuntu 17.04 (Zesty Zapus) |
| Ubuntu 17.10 (Artful Aardvark) |
| Ubuntu 18.04 LTS (Bionic Beaver) |
| Ubuntu 18.10 (Cosmic Cuttlefish) |
| Ubuntu 19.04 (Disco Dingo) |