[MediaWiki-commits] [Gerrit] StrictTransportSecurity for lists.wm.org - change (operations/puppet)

Dzahn (Code Review) Wed, 10 Sep 2014 18:51:41 -0700

Dzahn has submitted this change and it was merged.

Change subject: StrictTransportSecurity for lists.wm.org
......................................................................



StrictTransportSecurity for lists.wm.org

this is a bit different because lists.wm.org
uses lighttpd instead of Apache

Bug: 38516
Change-Id: I53f27e7d82b720b5557f42ceef7d7bb26c95590c
---
M files/lighttpd/50-mailman.conf
1 file changed, 8 insertions(+), 0 deletions(-)

Approvals:
  Chmarkine: Looks good to me, but someone else must approve
  Filippo Giunchedi: Looks good to me, but someone else must approve
  Matanya: Looks good to me, but someone else must approve
  JanZerebecki: Looks good to me, but someone else must approve
  John F. Lewis: Looks good to me, but someone else must approve
  jenkins-bot: Checked
  Dzahn: Verified; Looks good to me, approved



diff --git a/files/lighttpd/50-mailman.conf b/files/lighttpd/50-mailman.conf
index 25ce147..4df9ead 100644
--- a/files/lighttpd/50-mailman.conf
+++ b/files/lighttpd/50-mailman.conf
@@ -6,6 +6,9 @@
 # Enable mod_redirect
 server.modules  += ( "mod_redirect" )
 
+# Enable mod_setenv (to set headers for STS)
+server.modules += ( "mod_setenv" )
+
 alias.url = (
        "/mailman/"     => "/usr/lib/cgi-bin/mailman/",
        "/pipermail/"   => "/var/lib/mailman/archives/public/",
@@ -81,3 +84,8 @@
 $HTTP["useragent"] =~ "ArchiveTeam ArchiveBot" {
        url.access-deny = ( "" )
 }
+
+# Strict Transport Security
+$HTTP["scheme"] == "https" {
+    setenv.add-response-header  = ( "Strict-Transport-Security" => 
"max-age=604800")
+}

-- 
To view, visit https://gerrit.wikimedia.org/r/145500
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I53f27e7d82b720b5557f42ceef7d7bb26c95590c
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: Chmarkine <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Filippo Giunchedi <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: JanZerebecki <[email protected]>
Gerrit-Reviewer: Jeremyb <[email protected]>
Gerrit-Reviewer: John F. Lewis <[email protected]>
Gerrit-Reviewer: Mark Bergsma <[email protected]>
Gerrit-Reviewer: Matanya <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] StrictTransportSecurity for lists.wm.org - change (operations/puppet)

Reply via email to