WebFaction
Community site: login faq

hi!

I have an HTTPS app, and an HTTP -> HTTPS redirect set up for that app, but I need to add HTTP Strict Transport Security as well, to avoid SSL stripping.

I know that WebFaction uses a frontend - I believe nginix - is it possible to modify the nginix config to enable Strict Transport Security?

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

thanks!!

asked 27 Dec '14, 08:02

ffff
113
accept rate: 0%

edited 27 Dec '14, 08:02


You can not modify the front-end nginx server.

You can use a custom server and open the port directly which will bypass it.

permanent link

answered 28 Dec '14, 01:19

johns
5.3k212
accept rate: 23%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×93
×69
×1
×1
×1

question asked: 27 Dec '14, 08:02

question was seen: 1,850 times

last updated: 28 Dec '14, 01:19

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM