HTTP Strict Transport Security (HSTS) is a security policy that helps prevent protocol-downgrade attacks and cookie hijacking.
Once configured, the web server tells web browsers, through the Strict-Transport-Security response header, to connect to it only over HTTPS and never over insecure plain HTTP.
Step 1: Enable the Apache2 headers module
To enable the Apache2 headers module (mod_headers) on an Ubuntu system, run the following command:
sudo a2enmod headers
Step 2: Enable HSTS for Apache2
After enabling the Apache2 headers module, open your site's VirtualHost file and add the following line.
The line belongs inside the TLS virtual host, between <VirtualHost *:443> and </VirtualHost>: browsers ignore the header when it arrives over plain HTTP, so setting it in the port-80 host achieves nothing. max-age=31536000 is one year in seconds; includeSubDomains extends the policy to every subdomain of the site, so make sure all of them already serve HTTPS before adding it. "always" makes Apache send the header on error responses as well as successful ones.
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>
On Ubuntu the default TLS site file ships as /etc/apache2/sites-available/default-ssl.conf; it is only active once enabled with a2ensite default-ssl, which links it into /etc/apache2/sites-enabled/. Edit whichever file defines the <VirtualHost *:443> for your site.
Step 3: Redirect all HTTP traffic to HTTPS
This is required for HSTS to work properly with Apache2: browsers only honour the Strict-Transport-Security header when they receive it over HTTPS, so a visitor who first types the plain-HTTP address must be redirected to the HTTPS site, where the header is set. The rewrite rules below need mod_rewrite, which is enabled with: sudo a2enmod rewrite
<VirtualHost *:80>
        ...
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =www.example.com [OR]
        RewriteCond %{SERVER_NAME} =example.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
        ...
</VirtualHost>
Save the file.
Restart the Apache2 web server so the new configuration takes effect:
sudo systemctl restart apache2.service
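To confirm that the configuration above actually reaches browsers, here is an added shell check that is not part of the original page. It parses response-header blocks in the form printed by curl -sI and verifies the two things the steps above set up: the Strict-Transport-Security header on the HTTPS site (max-age of at least one year, the value used on this page, and includeSubDomains present) and the permanent redirect on the plain-HTTP site. The header blocks in the script are constructed samples, not captured from a real host, and the hostname www.example.com is taken from the rewrite rule.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): verify the HSTS header and the
# HTTP-to-HTTPS redirect from response headers as printed by `curl -sI`.
# Assumptions: hostname www.example.com (from the rewrite rule on the page),
# a minimum max-age of one year (the value the page sets), and the
# constructed sample responses below.
set -u

MIN_MAX_AGE=31536000   # one year in seconds, matching the header on the page

# check_hsts HEADERS
# HEADERS is a raw response-header block. Returns 0 when a
# Strict-Transport-Security header is present with max-age >= MIN_MAX_AGE
# and includeSubDomains, 1 otherwise. CRLF line endings from curl are tolerated.
check_hsts() {
  local headers="$1" line value max_age
  line=$(printf '%s\n' "$headers" | tr -d '\r' | grep -i '^strict-transport-security:' | head -n1)
  if [ -z "$line" ]; then
    echo "FAIL: no Strict-Transport-Security header" >&2
    return 1
  fi
  value=${line#*:}
  # max-age is the one mandatory directive; pull out its integer value (case-insensitive)
  max_age=$(printf '%s' "$value" | tr 'A-Z' 'a-z' | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
  if [ -z "$max_age" ]; then
    echo "FAIL: HSTS header without max-age:$value" >&2
    return 1
  fi
  if [ "$max_age" -lt "$MIN_MAX_AGE" ]; then
    echo "FAIL: max-age $max_age is below $MIN_MAX_AGE" >&2
    return 1
  fi
  if ! printf '%s' "$value" | grep -qi 'includesubdomains'; then
    echo "FAIL: includeSubDomains missing:$value" >&2
    return 1
  fi
  echo "OK:$value"
  return 0
}

# check_redirect HEADERS
# Verifies that the plain-HTTP response is a permanent redirect whose
# Location is an https:// URL, i.e. that the <VirtualHost *:80> rewrite
# block is in effect. Returns 0 on success, 1 otherwise.
check_redirect() {
  local headers="$1" status location
  status=$(printf '%s\n' "$headers" | tr -d '\r' | head -n1 | awk '{print $2}')
  location=$(printf '%s\n' "$headers" | tr -d '\r' | grep -i '^location:' | head -n1 | sed 's/^[^:]*:[[:space:]]*//')
  case "$status" in
    301|308) ;;
    *) echo "FAIL: expected a permanent redirect, got status '$status'" >&2; return 1 ;;
  esac
  case "$location" in
    https://*) echo "OK: redirects to $location"; return 0 ;;
    *) echo "FAIL: Location is not https: '$location'" >&2; return 1 ;;
  esac
}

# Constructed sample responses (not captured from a real server).
GOOD_TLS='HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/html'

WEAK_TLS='HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=300
Content-Type: text/html'

NO_HSTS='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

GOOD_HTTP='HTTP/1.1 301 Moved Permanently
Server: Apache
Location: https://www.example.com/
Content-Length: 0'

NO_REDIRECT='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

# Demonstration on the samples. Against a live host you would pass
# "$(curl -sI https://www.example.com)" and "$(curl -sI http://www.example.com)".
for sample in "$GOOD_TLS" "$WEAK_TLS" "$NO_HSTS"; do
  check_hsts "$sample" || true
done
check_redirect "$GOOD_HTTP" || true
check_redirect "$NO_REDIRECT" || true
```

Run sudo apachectl configtest before the restart in the step above so a typo in the VirtualHost file does not take the site down, then point the two checks at the live host. A FAIL from check_hsts on the HTTPS site usually means the header line landed in the wrong virtual host or mod_headers was not enabled; a FAIL from check_redirect usually means mod_rewrite is off or the RewriteCond hostnames do not match the site.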
Date: 2020-07-07 20:57:15 Source: oir Author: oir