Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Martin:
NameVirtualHost *:7777
<VirtualHost *:7777>
    ServerName <servername>
    Redirect / https://<servername>:443/
</VirtualHost>
How to Configure HTTP Strict Transport Security (HSTS) for Oracle HTTP Server 11g?
APPLIES TO:
Oracle HTTP Server - Version 11.1.1.0.0 to 11.1.1.9.0 [Release Oracle11g]
Information in this document applies to any platform.
GOAL
How to configure HTTP Strict Transport Security (HSTS) for Oracle HTTP Server 11g?
SOLUTION
There is no official documentation from Oracle for this configuration, but you can add the following parameters in $INSTANCE_HOME/config/OHS/ohs1/ssl.conf.
1. Add the following line to the VirtualHost in the $INSTANCE_HOME/config/OHS/ohs1/ssl.conf file:
<VirtualHost IPaddress:sslport>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>
2. Restart OHS
3. To test whether HSTS has been configured, access OHS on the SSL port and capture the headers with the "Live HTTP Headers" extension in Chrome (you can use the curl utility too):
GET / HTTP/1.1
Host: examplehost.exampledomain.com:4443
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36

HTTP/1.1 200 OK
Accept-Ranges: bytes
Connection: Keep-Alive
Content-Language: en
Content-Length: 11028
Content-Type: text/html
Date: Tue, 16 Sep 2014 10:29:44 GMT
ETag: "1600000002481e-2b14-4fdc5d4d121b8"
Keep-Alive: timeout=5, max=100
Last-Modified: Wed, 09 Jul 2014 17:13:47 GMT
Server: Oracle-Application-Server-11g
Strict-Transport-Security: max-age=31536000; includeSubDomains
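
To script the check in step 3 instead of reading the headers by eye, the following added example (not part of the original note or of Oracle's documentation) parses a response-header dump such as `curl -skI` output and grades the HSTS policy. The function names, verdict strings and minimum-age threshold are assumptions of this example; the sample headers are trimmed from the capture above.

```shell
#!/bin/sh
# Added example (not from the original note): validate the HSTS policy in a
# dump of response headers, e.g. piped from
#   curl -skI https://examplehost.exampledomain.com:4443/ | check_hsts 31536000

# check_hsts MIN_AGE: read response headers on stdin, print a one-line verdict,
# return 0 only when a policy with max-age >= MIN_AGE is present.
check_hsts() {
    min_age=${1:-31536000}
    verdict=$(tr -d '\r' | awk -v min="$min_age" '
        $0 == "" { exit }                       # blank line ends the headers
        tolower($0) ~ /^strict-transport-security:/ {
            sub(/^[^:]*:[ \t]*/, "")            # keep only the header value
            n = split($0, d, ";")
            age = -1; inc = "no"; pre = "no"
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", d[i])
                low = tolower(d[i])             # directive names ignore case
                if (low ~ /^max-age[ \t]*=/) {
                    sub(/^max-age[ \t]*=[ \t]*/, "", low)
                    gsub(/"/, "", low)          # value may be a quoted string
                    if (low ~ /^[0-9]+$/) age = low + 0
                } else if (low == "includesubdomains") inc = "yes"
                else if (low == "preload") pre = "yes"
            }
            found = 1; exit                     # only the first header counts
        }
        END {
            flags = " includeSubDomains=" inc " preload=" pre
            if (!found)         print "FAIL missing"
            else if (age < 0)   print "FAIL no-valid-max-age"
            else if (age == 0)  print "FAIL max-age=0"   # 0 clears the policy
            else if (age < min) print "WEAK max-age=" age flags
            else                print "OK max-age=" age flags
        }')
    echo "$verdict"
    case $verdict in OK*) return 0 ;; *) return 1 ;; esac
}

# Response headers from the capture on this page, trimmed to the relevant lines.
sample_response() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Content-Type: text/html' \
        'Server: Oracle-Application-Server-11g' \
        'Strict-Transport-Security: max-age=31536000; includeSubDomains' ''
}

sample_response | check_hsts 31536000
```

Browsers honour the header only when it arrives over HTTPS, so run the check against the SSL port rather than the plain HTTP listener.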