Documentation survey

HTTP Strict Transport Security

HTTP Strict Transport Security https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Securityis a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.

SUSE Manager를 사용하면 HSTS를 활성화하여 SUSE Manager 서버에 대해 활성화할 수 있습니다.

절차

  1. /etc/apache2/conf.d/<filename>.conf에 새 설정 파일(예: /etc/apache2/conf.d/zz-spacewalk-www-custom.conf)을 생성합니다.

  2. Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" 줄을 추가합니다.

  3. systemctl restart apache2로 Apache를 재시작합니다.

이를 SUSE Manager 프록시에서 활성화하려면 다음을 수행합니다.

절차

  1. /etc/apache2/conf.d/<filename>.conf에 새 설정 파일(예: /etc/apache2/conf.dz/zz-spacewalk-proxy-custom.conf)을 생성합니다.

  2. Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" 줄을 추가합니다.

  3. systemctl restart apache2로 Apache를 재시작합니다.

When naming the new config file <filename>.conf, make sure it is loaded at the right time. For example, to override something defined in spacewalk-www.conf the new file needs to be alphabetically after this file. For more information about how Apache loads files, see https://httpd.apache.org/docs.

When HSTS is enabled while using the default SSL certificate generated by SUSE Manager or a self-signed certificate, browsers will refuse to connect with HTTPS unless the CA used to sign such certificates is trusted by the browser. If you are using the SSL certificate generated by SUSE Manager, you can trust it by importing the file located at http://<SERVER-HOSTNAME>/pub/RHN-ORG-TRUSTED-SSL-CERT to the browsers of all users.