I usually just place httpd auth in front of the phpadmin login page, and let my
browser memorize that password.
Eddie
-Original Message-
From: Nick Owen [mailto:owen.n...@gmail.com]
Sent: Monday, November 03, 2014 6:27 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] hackers
I would like to track what is causing apache to gracefully restart. I
already have a log monitor alert me when [notice] Graceful restart
requested, doing restart shows up in the logs. It is not a log rotation:
it happens at irregular times time through the day, but they are scheduled
for once a
The cert is self signed. Whats is the conclusion, chrome is violating the RFC?
It DOES let me proceed.
On 10/6/14 5:52 PM, Scott (firstclasswatches.co.uk) wrote:
Hello,
Not strictly a httpd specific issue but nevertheless, Chrome/Firefox
should ignore the header because it is not delivered
Is it possible to an AND clause to the IF, so that it only adds the header when
env=HTTPS ?
Thanks!
I am using
SetEnvIF Host ^[dev\.domain\.com]$|^[\w+\.dev\.domain\.com]$ AllowDomain=1
SetEnvIF AllowDomain HTTPS HEADER_PROCESSING=1
IfModule mod_headers.c
Header add Strict-Transport-Security max-age=15768000;includeSubDomains
env=HEADER_PROCESSING
/IfModule
To avoid sending the
I have an https server that sets the HSTS header, but up to date Chrome (and
other HSTS compatible browsers, such as Firefox 32) still let the user
proceed to HTTPS. Isn't the specific reason HSTS exists to prevent users
from proceeding?
Here's the server: http://pastebin.com/JFJw1m40
How
Great answer, thank you Scott.
Do you recommend only setting the HSTS header for https requests?
I set HSTS for HTTPS only, using this directive at the beginning of httpd.conf
(apache 2.2)
IfModule mod_headers.c
Header add Strict-Transport-Security max-age=15768000;includeSubDomains
env=HTTPS
/IfModule
How can I tell Apache to not set HSTS for specific virtual hosts (using some