Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [hsts]

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites.

HTTP Strict Transport Security (HSTS) defined in RFC 6797 is a mechanism enabling web sites to declare themselves accessible only via secure connections and/or for users to be able to direct their user agent(s) to interact with given sites only over secure connections. This overall policy is referred to as HTTP Strict Transport Security (HSTS). The policy is declared by web sites via the Strict-Transport-Security HTTP response header field and/or by other means, such as user agent configuration, for example.

57 questions
0
votes
1 answer

If I'm using HSTS on nginx, does the website force redirecting to HTTP?

I need to access some images and JS files through HTTP, but if I enable HSTS with add_header Strict-Transport-Security "max-age=31536000";, all files are served forcibly through HTTPS. So I used add_header Strict-Transport-Security "max-age=0;". Is…
Seo
  • 1
0
votes
1 answer

Point a subdomain to a separate IP address using DNS/nginx

I'm trying to point a subdomain to a different IP address on a different server, but for some reason it's only working every once in awhile (say 1 out of 20 times). Browsing to http//galera.domain.com throws a "took to long to respond" error and…
iisor
  • 41
  • 4
0
votes
1 answer

how do i send website traffic to an http port if i have Strict-Transport-Security enforced?

how do i send website traffic to an http port if i have Strict-Transport-Security is enforced For example i have Strict-Transport-Security enforced if i embed a link that leads to http port 8000 the visitor is directed to https port 8000 The result…
jehovahsays
  • 165
  • 6
0
votes
1 answer

SSL on CloudFront fails test

I'm hosting a static website on S3/Cloudfront. I have enabled SSL using an Amazon provided SSL certificate. Unfortunately, the setup seems to be failing the SSL tests. Any idea what could cause this?
chrisvdb
  • 1,279
  • 2
  • 12
  • 15
0
votes
0 answers

IIS 10 will not redirect HTTP to HTTPS after enabling HSTS

I am attempting to force end users onto HTTPS when visiting our site. I have HSTS enabled in IIS at the site and application level. I have an HTTP redirect set up at the site level to https://ourdomain.com. I can visit the home page for our site and…
Greg Burghardt
  • 101
  • 4
0
votes
0 answers

thttpd support Strict Transport Security (HSTS) header

I try to understand if thttpd support header because my webserver doesn't show the HSTS and I don't think he use it and I want that he will do.
avigezer
  • 1
0
votes
1 answer

I don't want HSTS on port 8001 but on other ports

I have hsts set for my domain in Nginx.conf . It will redirect my website to https for main port 80. But I don't want the redirect to happen for my other port. How do I do this?
Marve
  • 1
0
votes
1 answer

Warning: Unnecessary HSTS header over HTTP

we would like to add the HSTS header to our page https://www.wipfelglueck.de Our page is running on a shared server, so we don't have access to the httpd.conf. We tried to enable this header via the .htaccess file like this:
user3310735
  • 1
  • 2
0
votes
1 answer

HSTS policy not preloaded on non www host

i am not very familiar with HSTS , but i try to implement it on my shared webhosting server. Seems i have gotten it to work on host with www. but not on apex host. Hardenize security audit flags it as an issue, audit report:…
user2033139
  • 103
  • 1
0
votes
1 answer

How to avoid HSTS error by hosts redirect with self-signed certificate?

I created this records in windows hosts file 127.0.0.1 a.domain.name 127.0.0.1 b.domain.name 127.0.0.1 c.domain.name where 127.0.0.1 - ip of my server [a,b,c].domain.name - domains wich from i need to get redirect to my server So, how i need to…
Dmytro Likhachev
  • 3
  • 4
-1
votes
2 answers

Nginx forwarding presenting wrong certificate

I have a little problem with nginx. We have two subdomains we own, let's call them domain1.com and domain2.com. For domain2 we don't have further subdomains, for domain1 we have several. If someone enters www.domain2.com I would like nginx to…
Richard Rosner
  • 11
  • 5
-1
votes
2 answers

Apache redirect with HSTS

I need to redirect all for example.com to https://www.example.com with HSTS turned on. How to do it? I got configuration in vhost80 and vhost443. What to fix in this code: in vhost 80 RewriteCond %{SERVER_NAME} =www.example.com [OR] RewriteCond…
Kamil Bu
  • 9
  • 4
1 2 3
4