From 62c73923f391529297d7469c9a970530943af9ec Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Fri, 20 Feb 2015 21:32:18 +0000 Subject: [PATCH] Set HSTS on id.fp.o manually to disable subdomains --- roles/httpd/reverseproxy/templates/reversepassproxy.id.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf index ec258f884c..c94b9f77dd 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf @@ -26,6 +26,8 @@ RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* {{proxyurl}}/openid/id/$1/ RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L] +Header always add Strict-Transport-Security "max-age=15768000; preload" + RewriteRule ^(.+) - [PT]