HSTS - Strict-Transport-Security & Preload (& HTTPS / SSL HEADER ONLY)

jonathandhn

jonathandhn

New Member
#1
#1
Hi, I'm getting mad of seeking for a way to set the HSTS header to be sent only during HTTPS access and never on HTTP. htaccess is not working at all for header, "CONTEXT" static is fully useless since it can't do it on HTTPS SSL only access. I've seen many people do it this way, but in context of Preload it's useless because it won't work if you send it over http, and will be pulled out of the list.

LiteSpeed 1.6.5 debian Buster. LSWS is my front end server.

Can You help me ? :);)
 
P

Pong

Administrator
#2
#2
You can create a seperate https virtual host and set header in the context of it, at listener of 443, mapping yourdomain.com to your https virtual host instead of using the same virtaul host as http and https.
 
KRV

KRV

New Member
#3
#3
Pong said:
You can create a seperate https virtual host and set header in the context of it, at listener of 443, mapping yourdomain.com to your https virtual host instead of using the same virtaul host as http and https.
Click to expand...
Can you provide more detail? When i create new virtual host i dont see option for mapping to 443.
 
Cold-Egg

Cold-Egg

Administrator
#4
#4
You will do the mapping after the Virtual host created.
Go to Listener > your HTTPS listener, click Add button of the Virtual Host Mappings section.
 
You must log in or register to reply here.
Top