RE: [users@httpd] hackers

2014-11-03 Thread Eddie B
I usually just place httpd auth in front of the phpadmin login page, and let my browser memorize that password.
Eddie
-Original Message-
From: Nick Owen [mailto:owen.n...@gmail.com]
Sent: Monday, November 03, 2014 6:27 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] hackers
In

[users@httpd] Tracking the reason for graceful restarts

2014-10-28 Thread Eddie B
I would like to track what is causing apache to gracefully restart. I already have a log monitor alert me when "[notice] Graceful restart requested, doing restart" shows up in the logs. It is not a log rotation: it happens at irregular times through the day, but they are scheduled for once a

RE: [users@httpd] How is this possible? Apache sends HSTS on a non valid cert but user can proceed, on compatible browser

2014-10-09 Thread Eddie B
The cert is self signed. What is the conclusion, Chrome is violating the RFC? It DOES let me proceed.
On 10/6/14 5:52 PM, Scott (firstclasswatches.co.uk) wrote:
> Hello,
>
> Not strictly a httpd specific issue but nevertheless, Chrome/Firefox
> should ignore the header because it is not delive

RE: [users@httpd] How to skip setting HSTS header for certain virtual hosts only?

2014-10-07 Thread Eddie B
I am using

    SetEnvIF Host "^[dev\.domain\.com]$|^[\w+\.dev\.domain\.com]$" AllowDomain=1
    SetEnvIF AllowDomain HTTPS HEADER_PROCESSING=1
    Header add Strict-Transport-Security "max-age=15768000;includeSubDomains" env=HEADER_PROCESSING

To avoid sending the header to dev.domain.com or xx.

RE: [users@httpd] How to skip setting HSTS header for certain virtual hosts only?

2014-10-06 Thread Eddie B
Is it possible to add an AND clause to the IF, so that it only adds the header when env=HTTPS? Thanks!

[users@httpd] How to skip setting HSTS header for certain virtual hosts only?

2014-10-06 Thread Eddie B
I set HSTS for HTTPS only, using this directive at the beginning of httpd.conf (apache 2.2)

    Header add Strict-Transport-Security "max-age=15768000;includeSubDomains" env=HTTPS

How can I tell Apache to not set HSTS for specific virtual hosts (using some type of IF statement) using one

RE: [users@httpd] How is this possible? Apache sends HSTS on a non valid cert but user can proceed, on compatible browser

2014-10-06 Thread Eddie B
Great answer, thank you Scott. Do you recommend only setting the HSTS header for https requests?

[users@httpd] How is this possible? Apache sends HSTS on a non valid cert but user can proceed, on compatible browser

2014-10-06 Thread Eddie B
I have an https server that sets the HSTS header, but up to date Chrome (and other HSTS compatible browsers, such as Firefox 32) still let the user proceed to HTTPS. Isn't the specific reason HSTS exists to prevent users from proceeding? Here's the server: http://pastebin.com/JFJw1m40 How i