HSTS - Strict-Transport-Security & Preload (& HTTPS / SSL HEADER ONLY)

#1
Hi, I'm getting mad of seeking for a way to set the HSTS header to be sent only during HTTPS access and never on HTTP. htaccess is not working at all for header, "CONTEXT" static is fully useless since it can't do it on HTTPS SSL only access. I've seen many people do it this way, but in context of Preload it's useless because it won't work if you send it over http, and will be pulled out of the list.

LiteSpeed 1.6.5 debian Buster. LSWS is my front end server.

Can You help me ? :);)
 

Pong

Administrator
#2
You can create a seperate https virtual host and set header in the context of it, at listener of 443, mapping yourdomain.com to your https virtual host instead of using the same virtaul host as http and https.
 

KRV

New Member
#3
You can create a seperate https virtual host and set header in the context of it, at listener of 443, mapping yourdomain.com to your https virtual host instead of using the same virtaul host as http and https.
Can you provide more detail? When i create new virtual host i dont see option for mapping to 443.
 
Top