From 7b8da8b3f3f5714c67e24ed2161113359d00bb75 Mon Sep 17 00:00:00 2001 From: An Phan Date: Wed, 25 Feb 2015 23:52:43 +0800 Subject: [PATCH] Made some amends for #48 --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 84467f0..c4945f9 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,16 @@ RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L] ### Force HTTPS ``` apacheconf -Header always set Strict-Transport-Security "max-age=604800; includeSubDomains" +RewriteEngine on +RewriteCond %{HTTPS} !on +RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} + +# Note: It's also recommended to enable HTTP Strict Transport Security (HSTS) +# on your HTTPS website to help prevent man-in-the-middle attacks. +# See https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security + + Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" + ``` ### Force HTTPS Behind a Proxy