Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/148289
Change subject: OTRS - raise max-age for STS to 1 year
......................................................................
OTRS - raise max-age for STS to 1 year
after we deliberately started with just 7 days
to be careful, now raise it to a year.
this will then also fix the TOO SHORT warning
reported by Qualys SSL Server Test
Strict Transport Security (HSTS)
Yes max-age=604800 TOO SHORT (less than 180 days)
1 year is also used in examples on OWASP and en.wp
Change-Id: I79ca8963e932583b04f715abd4cd4b38f49cc9bf
---
M files/apache/sites/ticket.wikimedia.org
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/89/148289/1
diff --git a/files/apache/sites/ticket.wikimedia.org
b/files/apache/sites/ticket.wikimedia.org
index 9e4547a..a0a9282 100644
--- a/files/apache/sites/ticket.wikimedia.org
+++ b/files/apache/sites/ticket.wikimedia.org
@@ -26,7 +26,7 @@
SSLCertificateKeyFile /etc/ssl/private/ticket.wikimedia.org.key
SSLCACertificatePath /etc/ssl/certs/
- Header set Strict-Transport-Security "max-age=604800"
+ Header set Strict-Transport-Security "max-age=31536000"
# Make an access log, so we know when people abuse OTRS's insecure
interface
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
combined
--
To view, visit https://gerrit.wikimedia.org/r/148289
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I79ca8963e932583b04f715abd4cd4b38f49cc9bf
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
