Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/148290
Change subject: wikitech - raise max-age for STS to 1 year
......................................................................
wikitech - raise max-age for STS to 1 year
after we deliberately started with just 7 days
to be careful, now raise it to a year.
this will then also fix the TOO SHORT warning
reported by Qualys SSL Server Test
Strict Transport Security (HSTS)
Yes max-age=604800 TOO SHORT (less than 180 days)
1 year is also used in examples on OWASP and en.wp
Change-Id: I4dc377c0abb8e2e9b3f5a2e292129a42bf3880d9
---
M templates/apache/sites/wikitech.wikimedia.org.erb
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/90/148290/1
diff --git a/templates/apache/sites/wikitech.wikimedia.org.erb
b/templates/apache/sites/wikitech.wikimedia.org.erb
index 0cc389f..0a82573 100644
--- a/templates/apache/sites/wikitech.wikimedia.org.erb
+++ b/templates/apache/sites/wikitech.wikimedia.org.erb
@@ -47,7 +47,7 @@
SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key
SSLCACertificatePath /etc/ssl/certs/
- Header append Strict-Transport-Security "max-age=604800"
+ Header append Strict-Transport-Security "max-age=31536000"
RedirectMatch ^/$ https://<%= @webserver_hostname %>/wiki/
--
To view, visit https://gerrit.wikimedia.org/r/148290
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I4dc377c0abb8e2e9b3f5a2e292129a42bf3880d9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
