Hello!
Using Apache 2.4.16, with OpenSSL 1.0.2d, with alpn support, but
*without* http/2. Today I configured a VirtualHost with GitLab (with
ProxyPassReverse and RewriteRule [P,QSA] rules). I used to configure
Strict-Transport-Security in VirtualHost context nowadays, and I
noticed two STS headers
Hello!
Using 2.4.17.
There seem to be an issue with http/2:
I have these in the vhost error log:
[Tue Oct 20 12:00:35.797584 2015] [http2:warn] [pid 21608:tid
113684011906816] (70015)Could not find specified socket in poll list.:
[client x.x.x.x:65519] AH02953: h2_mplx(139): stream for response
Oh, the client seem to be a Firefox 41 from that IP:
Mozilla/5.0 (Windows NT 6.1; rv:41.0) Gecko/20100101 Firefox/41.0
2015-10-20 15:12 GMT+02:00 Zoltán Halassy :
> Hello!
>
> Using 2.4.17.
>
> There seem to be an issue with http/2:
>
> I have these in the vhost error log:
Hello!
Working with Apache 2.4.
I wanted to configure an https host with HSTS:
[...]
Header set Strict-Transport-Security "max-age=31556952"
Require all granted
[...]
[...]
This works fine. However as soon as I require HTTP authentication on
apache level,
Oh thanks, this is exactly I was looking for. I totally missed it in
the documentation. It's there.
Thank you.
2014-11-13 14:30 GMT+01:00 Eric Covener :
>> Neither provides the HSTS header to an unauthenticated user. Is there
>> a simple way to inject the HSTS (or any) header to unauthenticated
>
