Steps:
1. Enable the Apache headers module
sudo a2enmod headers
2. Edit /etc/apache2/conf-available/security.conf and add the header setting
The basic syntax is:
Strict-Transport-Security: max-age=<expire-time>
Strict-Transport-Security: max-age=<expire-time>; includeSubDomains
Strict-Transport-Security: max-age=<expire-time>; preload
You can copy the following line directly into security.conf:
Header always set Strict-Transport-Security "max-age=31536000;includeSubdomains; preload"
3. Restart Apache
sudo service apache2 reload
Reference article:
[apache] Configuring HSTS (HTTP Strict Transport Security) in Apache