Annotate

mod_strict_https/README.markdown @ 5516:f25df3af02c1

mod_client_management: Include client software version number in listing Should you ever wish to revoke a client by version number, e.g. for security reasons affecting certain versions, then it would be good to at the very least see which version is used. Also includes the OAuth2 software ID, an optional unique identifier that should be the same for all installations of a particular software.
author Kim Alvefur <zash@zash.se>
date Sat, 03 Jun 2023 19:21:39 +0200
parent 5415:f8797e3284ff
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
1 ---
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
2 summary: HTTP Strict Transport Security
5414
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
3 ---
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4
5414
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
5 # Introduction
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6
5414
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
7 This module implements [RFC 6797: HTTP Strict Transport Security] and
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
8 responds to all non-HTTPS requests with a `301 Moved Permanently`
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
9 redirect to the HTTPS equivalent of the path.
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10
5414
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
11 # Configuration
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
13 Add the module to the `modules_enabled` list and optionally configure
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
14 the specific header sent.
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15
5414
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
16 ``` lua
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
17 modules_enabled = {
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
18 ...
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
19 "strict_https";
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
20 }
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
21 hsts_header = "max-age=31556952"
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
22 ```
1782
29f3d6b7ad16 Import wiki pages
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23
5415
f8797e3284ff mod_strict_https: Add way to disable redirect
Kim Alvefur <zash@zash.se>
parents: 5414
diff changeset
24 If the redirect from `http://` to `https://` causes trouble with
f8797e3284ff mod_strict_https: Add way to disable redirect
Kim Alvefur <zash@zash.se>
parents: 5414
diff changeset
25 internal use of HTTP APIs it can be disabled:
f8797e3284ff mod_strict_https: Add way to disable redirect
Kim Alvefur <zash@zash.se>
parents: 5414
diff changeset
26
f8797e3284ff mod_strict_https: Add way to disable redirect
Kim Alvefur <zash@zash.se>
parents: 5414
diff changeset
27 ``` lua
f8797e3284ff mod_strict_https: Add way to disable redirect
Kim Alvefur <zash@zash.se>
parents: 5414
diff changeset
28 hsts_redirect = false
f8797e3284ff mod_strict_https: Add way to disable redirect
Kim Alvefur <zash@zash.se>
parents: 5414
diff changeset
29 ```
f8797e3284ff mod_strict_https: Add way to disable redirect
Kim Alvefur <zash@zash.se>
parents: 5414
diff changeset
30
5414
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
31 # Compatibility
1803
4d73a1a6ba68 Convert all wiki pages to Markdown
Kim Alvefur <zash@zash.se>
parents: 1782
diff changeset
32
5414
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
33 ------- -------------
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
34 trunk Should work
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
35 0.12 Should work
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
36 0.11 Should work
0c8e6269ea38 mod_strict_https: Refresh README
Kim Alvefur <zash@zash.se>
parents: 1803
diff changeset
37 ------- -------------