Menu

Topic-icon HSTS Check fails

  • chevreriecb
  • chevreriecb's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
1 month 6 days ago #7615 by chevreriecb
HSTS Check fails was created by chevreriecb
Hi,
I activated all functions in .htaccess Protection also HSTS protection. When checking in .htaccess the lines are present, but when performing a check with check-your-website.server-daten.de, it reports :

Missing HSTS-Header

Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.

I couldn't find what I did wrong.
Have you any idea ?

Thanks

Please Log in or Create an account to join the conversation.

More
1 month 6 days ago #7616 by Jose
Replied by Jose on topic HSTS Check fails
Hi chevreriecb,

Try moving all the lines related to the .htaccess protection just below the "RewriteEngine On" line or before any other "Rewriterule" line.

Regards
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.083 seconds
Powered by Kunena Forum

Login or Sign In