How to skip setting HSTS header for certain virtual hosts only?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <users@xxxxxxxxxxxxxxxx>
Subject: How to skip setting HSTS header for certain virtual hosts only?
From: "Eddie B" <eddie@xxxxxxxxxxxxxxx>
Date: Mon, 6 Oct 2014 15:22:49 -0700
Organization: MATTERmedia
Reply-to: users@xxxxxxxxxxxxxxxx
Thread-index: Ac/hs60576kwkegvSKuBY9wbqPwqkg==

I set HSTS for HTTPS only, using this directive at the beginning of httpd.conf (apache 2.2)

Header add Strict-Transport-Security "max-age=15768000;includeSubDomains" env=HTTPS

</IfModule>

How can I tell Apache to not set HSTS for specific virtual hosts (using some type of IF statement) using one global directive (instead of unsetting inside the specific vhost’s conf)?

Thanks

Follow-Ups:
- Re: How to skip setting HSTS header for certain virtual hosts only?
  - From: Igor Cicimov

Prev by Date: Re: How is this possible? Apache sends HSTS on a non valid cert but user can proceed, on compatible browser
Next by Date: Re: How to skip setting HSTS header for certain virtual hosts only?
Previous by thread: How is this possible? Apache sends HSTS on a non valid cert but user can proceed, on compatible browser
Next by thread: Re: How to skip setting HSTS header for certain virtual hosts only?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]