google chrome 本身有檢測的功能
chrome://net-internals/#hsts
Apache 啟用HSTS
1.編輯 httpd.conf
將Header Module 註解拿掉(uncomment)
LoadModule headers_module modules/mod_headers.so
方法一:
在網站根目錄新增 .htaccess檔案
<IfModule mod_headers.c>
Header set Strict-Transport-Security: max-age=10886400
</IfModule>
方法二:
在VirtualHost區域增加Header設定
<VirtualHost www.example.com:80>
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
</VirtualHost>
2.重啟Apache
IIS 啟用 HSTS
方法一:
1.打開IIS管理工具,選擇要設定的站點
2.HTTP回應標頭點兩下,並在右邊功能列選新增
3.新增回應標頭內容
名稱:Strict-Transport-Security
值:max-age=10886400
方法二:
1.在Web.Config設定
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Strict-Transport-Security" value="max-age=31536000"/>
</customHeaders>
</httpProtocol>
</system.webServer>
Tomcat 啟用HSTS
Tomcat 7,8 or above enable "HTTP Header Security Filter"
1.編輯tomcat/conf/web.xml
2.找到httpheadersecurity這個filter,並把前後的註解拿掉
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
</filter>
3.在步驟2的filter class後面新增
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
4.找到filter mapping 並將前後的註解拿掉
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
NGINX 啟用HSTS
1.編輯設定檔,在Server區塊下新增設定
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
2.重啟服務
2014年7月1日 星期二
手動安裝apache+php
在2014的年中,因為客戶的需求需要很舊版的Apache+PHP+Mysql Client
使用yum 安裝只裝的到新版本因此必須手動安裝
OS: CentOS
首先要先把基本的工具跟Library裝好
部分Library 會有太新的問題<就必須抓舊版的回來裝
gcc
autoconf
freetype-devel.x86_64
zlib-devel.x86_64
libxml2-devel
gd-devel.x86_64
libjpeg-turbo-devel.x86_64
libpng-devel.x86_64
libmcrypt-devel.x86_64
libtool-ltdl-devel
mysql mysql-devel mysql-lib
#新作業系統都是64 library需要指定一下
# ln -s /usr/include /opt/include
# ln -s /usr/lib64 /opt/lib
#太舊的PHP不支援openssl 1.x.x 要手動裝
openssl 0.9.8
./config --prefix=/usr/local/openssl
make install_sw # 不安裝說明文件
apache2
/configure --prefix=/usr/local/apache2 --enable-ssl --enable-so --with-ssl=/usr/local/openssl
php5
./configure --prefix=/usr/local/php5 --with-mysql=/opt --with-gd=/opt --with-jpeg-dir=/opt --with-png-dir=/opt --with-libxml-dir=/usr/local/libxml2/ --with-zlib-dir=/opt --with-mcrypt=/opt --with-apxs2=/usr/local/apache2/bin/apxs --enable-mbstring --with-mysqli
使用yum 安裝只裝的到新版本因此必須手動安裝
OS: CentOS
首先要先把基本的工具跟Library裝好
部分Library 會有太新的問題<就必須抓舊版的回來裝
gcc
autoconf
freetype-devel.x86_64
zlib-devel.x86_64
libxml2-devel
gd-devel.x86_64
libjpeg-turbo-devel.x86_64
libpng-devel.x86_64
libmcrypt-devel.x86_64
libtool-ltdl-devel
mysql mysql-devel mysql-lib
#新作業系統都是64 library需要指定一下
# ln -s /usr/include /opt/include
# ln -s /usr/lib64 /opt/lib
#太舊的PHP不支援openssl 1.x.x 要手動裝
openssl 0.9.8
./config --prefix=/usr/local/openssl
make install_sw # 不安裝說明文件
apache2
/configure --prefix=/usr/local/apache2 --enable-ssl --enable-so --with-ssl=/usr/local/openssl
php5
./configure --prefix=/usr/local/php5 --with-mysql=/opt --with-gd=/opt --with-jpeg-dir=/opt --with-png-dir=/opt --with-libxml-dir=/usr/local/libxml2/ --with-zlib-dir=/opt --with-mcrypt=/opt --with-apxs2=/usr/local/apache2/bin/apxs --enable-mbstring --with-mysqli
#修改啟動稿
cp /usr/local/apache2/bin/apachectl /etc/rc.d/init.d/httpd
vi /etc/rc.d/init.d/httpd
在 #!/bin/sh 下面加入以下兩行
# chkconfig: 2345 10 90
# description: Activates/Deactivates Apache Server
設定啟動狀態
chkconfig --add httpd
chkconfig httpd on
訂閱:
文章 (Atom)