Univention Bugzilla – Attachment 7177 Details for
Bug 37637
Support HTTP Strict Transport Security (HSTS)
[patch]
Enable HSTS via UCR
univention-apache.diff (text/plain), 3.33 KB, created by
Michael Grandjean
on 2015-09-19 23:28:26 CEST
>Index: univention-apache/debian/univention-apache.univention-config-registry >=================================================================== >--- univention-apache/debian/univention-apache.univention-config-registry (Revision 63847) >+++ univention-apache/debian/univention-apache.univention-config-registry (Arbeitskopie) >@@ -21,6 +21,9 @@ > Variables: apache2/ssl/honorcipherorder > Variables: apache2/ssl/ciphersuite > Variables: apache2/force_https >+Variables: apache2/hsts/enabled >+Variables: apache2/hsts/max-age >+Variables: apache2/hsts/includeSubDomains > > Type: module > Module: extension.py >Index: univention-apache/debian/univention-apache.univention-config-registry-variables >=================================================================== >--- univention-apache/debian/univention-apache.univention-config-registry-variables (Revision 63847) >+++ univention-apache/debian/univention-apache.univention-config-registry-variables (Arbeitskopie) 
>@@ -16,6 +16,24 @@ > Type=bool > Categories=service-apache > >+[apache2/hsts/enabled] >+Description[en]=Enable HTTP Strict Transport Security (HSTS) by setting this variable to 'yes'. 'apache2/force_https' should be enabled additionally to take full advantage of HSTS. >+Description[de]=Aktiviert HTTP Strict Transport Security (HSTS), wenn auf 'yes' gesetzt. 'apache2/force_https' sollte zusätzlich aktiviert werden, um den Vorteil von HSTS voll nutzen zu können. >+Type=bool >+Categories=service-apache >+ >+[apache2/hsts/max-age] >+Description[en]=Time in seconds of how long web browsers will cache and enforce the HSTS policy on the host. Defaults to '10886400' - which are 18 weeks. >+Description[de]=Zeit in Sekunden, für die Webbrowser die HSTS Richtlinie für diesen Host zwischenspeichern und anwenden. Der Standard ist '10886400' - also 18 Wochen. >+Type=int >+Categories=service-apache >+ >+[apache2/hsts/includeSubDomains] >+Description[en]=Applies HSTS policy also to subdomains if set to 'yes'. >+Description[de]=Wendet die HSTS Richtlinie auch auf Subdomains an, wenn auf 'yes' gesetzt. >+Type=bool >+Categories=service-apache >+ > [php/memory/limit] > Description[de]=Der maximale Speicher, den ein PHP-Skript in Anspruch nehmen kann. Um z.B. 256 Megabyte zu konfigurieren, muss '256M' angegeben werden. Ist die Variable nicht gesetzt, können 128 MB benutzt werden. > Description[en]=The maximum memory that a PHP script can use. E.g., to configure 256 megabytes, '256M' needs to be specified. If the variable is unset, 128 MB are permitted. >Index: univention-apache/conffiles/etc/apache2/mods-available/ssl.conf >=================================================================== >--- univention-apache/conffiles/etc/apache2/mods-available/ssl.conf (Revision 63847) >+++ univention-apache/conffiles/etc/apache2/mods-available/ssl.conf (Arbeitskopie) 
>@@ -96,6 +96,11 @@ > <IfModule mod_ssl.c> > SSLEngine on > @!@ >+if configRegistry.is_true('apache2/hsts/enabled', default=False): >+ if configRegistry.is_true('apache2/hsts/includeSubDomains'): >+ print 'Header always set Strict-Transport-Security "max-age=%s ; includeSubDomains"' % (configRegistry.get('apache2/hsts/max-age', '10886400')) >+ else: >+ print 'Header always set Strict-Transport-Security "max-age=%s"' % (configRegistry.get('apache2/hsts/max-age', '10886400')) > if configRegistry.get('apache2/ssl/certificate'): > print 'SSLCertificateFile %s' % configRegistry.get('apache2/ssl/certificate') > else:
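Review bot: in the univention-apache.univention-config-registry hunk, the new name apache2/hsts/includeSubDomains is mixed-case while the neighbouring entries (apache2/ssl/honorcipherorder, apache2/force_https) are all lower-case. The name is case-sensitive and mirrors the header directive rather than the surrounding convention; consider apache2/hsts/includesubdomains, and rename it consistently in the variables file and the ssl.conf template.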
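Review bot: in the univention-apache.univention-config-registry-variables hunk, the descriptions of apache2/hsts/enabled and apache2/hsts/max-age do not mention that browsers keep enforcing a policy they have already cached until max-age runs out, so setting apache2/hsts/enabled back to 'no' only stops sending the header and does not release clients that have seen it. The text should say that withdrawing the policy means serving max-age=0 over HTTPS for a while with the variable still enabled. The apache2/hsts/includeSubDomains description should also state that every subdomain of the host must then be reachable over HTTPS with a valid certificate, because browsers that have cached the policy will refuse plain HTTP and certificate warnings cannot be clicked through.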
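Review bot: in the ssl.conf hunk, the value of apache2/hsts/max-age is interpolated into the Header line with %s and no validation, so a non-numeric value yields a header that browsers ignore and a value containing a double quote yields a configuration Apache cannot parse. Convert it with int(), reject negative values and fall back to '10886400' on error before printing. The Header directive needs mod_headers, but the visible guard is only `<IfModule mod_ssl.c>`; if mod_headers is not loaded Apache will refuse to start, so either wrap the printed line in `<IfModule mod_headers.c>` or have the package enable the module. Smaller points: is_true() is called with default=False for apache2/hsts/enabled but without a default for apache2/hsts/includeSubDomains, the two print branches duplicate the configRegistry.get() call and could build the header value once, and `max-age=%s ; includeSubDomains` is conventionally written without the space before the semicolon.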