You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by el...@apache.org on 2017/09/15 11:09:19 UTC
svn commit: r1808446 - /httpd/httpd/trunk/docs/manual/mod/mod_md.html.en
Author: elukey
Date: Fri Sep 15 11:09:19 2017
New Revision: 1808446
URL: http://svn.apache.org/viewvc?rev=1808446&view=rev
Log:
Documentation rebuild
Modified:
httpd/httpd/trunk/docs/manual/mod/mod_md.html.en
Modified: httpd/httpd/trunk/docs/manual/mod/mod_md.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_md.html.en?rev=1808446&r1=1808445&r2=1808446&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_md.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_md.html.en Fri Sep 15 11:09:19 2017
@@ -510,6 +510,17 @@ MDRenewWindow 10%</pre>
MDRequireHttps permanent
</ManagedDomain></pre>
</div>
+ <p>When you configure MDRequireHttps permanent, an additional security
+ feature is automatically applied: HSTS. This adds the header
+ Strict-Transport-Security to responses sent out via https:.
+ Basically, this instructs the browser to only perform secure
+ communications with that domain. This instruction holds for the
+ amount of time specified in the header as 'max-age'.
+ This is about half a year as generated by mod_md.
+ </p><p>
+ It is therefore advisable to first test the MDRequireHttps temporary
+ configuration and switch to permanent only once that works satisfactory.
+ </p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>