HSTS support

author: Silvio Rhatto <rhatto@riseup.net> 2011-12-05 18:34:28 -0200
committer: Silvio Rhatto <rhatto@riseup.net> 2011-12-05 18:34:28 -0200
commit: f690c065246f1a31e732c0a24100401e58a1adb2 (patch)
tree: 78ec1b6132e38ac754625f17a542bb304bce6fed /templates/site.erb
parent: 03a5f804a20b98ccea8598aa7893c914c7fa1ee6 (diff)
download: puppet-apache-f690c065246f1a31e732c0a24100401e58a1adb2.tar.gz
puppet-apache-f690c065246f1a31e732c0a24100401e58a1adb2.tar.bz2
1 files changed, 5 insertions, 1 deletions
diff --git a/templates/site.erb b/templates/site.erb
index 25dd22d..246e616 100644
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -4,8 +4,12 @@
 <% if server_alias != false %>   ServerAlias <%= server_alias %><% end %>
    DocumentRoot <%= docroot %>
  <% if https_redirect != false %>
+    # Use HTTP Strict Transport Security to force client to use secure connections only
+    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+
+    # Redirect all HTTP to HTTPS
     RewriteEngine On
-    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]
 <% if redirect_match != false %>   RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %>
 <% if redirect != false %>   Redirect <%= redirect %><% end %>
 <% if aliases != false %><% aliases.each do |map| -%>
author	Silvio Rhatto <rhatto@riseup.net>	2011-12-05 18:34:28 -0200
committer	Silvio Rhatto <rhatto@riseup.net>	2011-12-05 18:34:28 -0200
commit	f690c065246f1a31e732c0a24100401e58a1adb2 (patch)
tree	78ec1b6132e38ac754625f17a542bb304bce6fed /templates/site.erb
parent	03a5f804a20b98ccea8598aa7893c914c7fa1ee6 (diff)
download	puppet-apache-f690c065246f1a31e732c0a24100401e58a1adb2.tar.gz puppet-apache-f690c065246f1a31e732c0a24100401e58a1adb2.tar.bz2