2658fb41ba
The HTTP Strict Transport Security (HSTS) mechanism defined in IETF RFC 6797 allows us to indicate to clients that the site to which they are connecting should only every be reached over an encrypted HTTPS connection, in an effort to thwart protocol downgrade attacks which could convince a client to fall back to plaintext HTTP. Set such a policy header for the SSL vhost, valid for one year, and indicate that this policy also applies to any subdomains of the hostname with which the site is served (even though it's unlikely that there would ever be any in this case, this is useful for consistency with inclusion in other vhost templates in the future). While HSTS policy can't prevent downgrade attacks the very first time a client connects to this site, thereafter their browser would be wary of connecting over plain HTTP for subsequent connections for a full year. Change-Id: If5c2f3b70e7f7646bf6168e8942aee0ecb7c2ec8 |
||
|---|---|---|
| .. | ||
| admin.ini | ||
| carbon.conf.erb | ||
| config.js.erb | ||
| graphite.ssl.vhost.erb | ||
| graphite.vhost.erb | ||
| graphite.wsgi.django17.erb | ||
| graphite.wsgi.erb | ||
| local_settings.py.erb | ||
| storage-aggregation.conf.erb | ||
| storage-schemas.conf.erb | ||