• Webconn Technology
    • GPU Server

      • Dedicated GPU Servers with NVIDIA RTX/A100 GPUs for accelerated AI training, rendering, and scientific computing. Features CUDA cores, 24GB-141GB VRAM, and parallel processing. Pre-configured with TensorFlow/PyTorch.

      • nvidia rtx A6000
      • Buy GPU Servers
    • Dedicated Server

      • Experience blazing-fast speeds & ironclad security with your own dedicated server. No shared resources. Fully customizable plans for gaming, e-commerce, and big data. Start now!

      • datacenter
      • Buy Dedicated Servers
    • Shared Hosting

      • Get user-friendly DirectAdmin shared hosting for your website. Enjoy an intuitive control panel, one-click app installs, and reliable performance. Perfect for blogs, small business sites, and portfolios.

      • shared hosting web
      • Buy Shared Hosting
    • Domains

      • Search and register the perfect domain name for your website. Get a memorable .com, .net, .org or niche TLD to start building your brand online. Includes free privacy protection.

      • domain names register
      • Buy Domain names
    • VPS

      • Experience the power of a dedicated server without the high cost. Our VPS hosting guarantees CPU, RAM, and storage for your site, ensuring optimal performance and stability.

      • vps hosting
      • Buy VPS Servers
  • Blog
  • Dashboard

Table of Contents

Enable HTTP Strict Transport Security (HSTS) on Apache HTTPD

Sohail Qamar

Category:
TOC

Table of Contents

This guide explains how to enable HTTP Strict Transport Security (HSTS) on Apache HTTPD.

Solution

The first step is to verify that Apache HTTPD headers module is enabled. Check the following text in /etc/httpd/conf.modules.d/00-base.conf or /etc/httpd/conf/httpd.conf.

LoadModule headers_module modules/mod_headers.so

Add the following text in /etc/httpd/conf.d/ssl.conf to <VirtualHost *:443> virtual host or for each SSL enabled virtual host.

Header always set Strict-Transport-Security "max-age=58099000; includeSubDomains"

The final step is to redirect traffic from the non-encrypted virtual host to HTTPS as follows:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>

Restart HTTPD service as follows:

systemctl restart httpd

Leave a Reply

Latest Articles