• Support
  • Forums
  • Blogs

Header always set Strict-Transport-Security

tcaetanotcaetano

New Life Form
+2
We configured the apache server to use Header always set Strict-Transport-Security in file "/etc/apache2/sites-enabled/alienvault-ssl.conf"

It works and we got past the PCI vulnerability test. Problem comes when we execute ossim-reconfig (when any change is made and requires reconfig), the setting  "Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" gets erased from the config file. Our guess is that during ossim-reconfig, alienvault-ssl.conf file is replaced by a defalut one.

Is there a way to find the original config to add this line?? or a way to prevent the file from override?

any kind of solution is appreciated.






Tagged:

Share post:

Sign In or Register to comment.