trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject [trafficserver] branch master updated: Doc: Provide better explanation of HSTS example in header_rewrite.
Date Mon, 07 Aug 2017 13:47:23 GMT
This is an automated email from the ASF dual-hosted git repository.

amc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new c9213ae  Doc: Provide better explanation of HSTS example in header_rewrite.
c9213ae is described below

commit c9213aeb690f9f882e9df45d91ade8d1dce3fc61
Author: Alan M. Carroll <amc@apache.org>
AuthorDate: Fri Aug 4 19:11:11 2017 -0500

    Doc: Provide better explanation of HSTS example in header_rewrite.
---
 doc/admin-guide/plugins/header_rewrite.en.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/doc/admin-guide/plugins/header_rewrite.en.rst b/doc/admin-guide/plugins/header_rewrite.en.rst
index 7eb9684..2789e46 100644
--- a/doc/admin-guide/plugins/header_rewrite.en.rst
+++ b/doc/admin-guide/plugins/header_rewrite.en.rst
@@ -1174,3 +1174,8 @@ Add the HTTP Strict Transport Security (HSTS) header if it does not
exist and th
     cond %{HEADER:Strict-Transport-Security} ="" [AND]
     cond %{INBOUND:TLS} /./
     set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+
+This is mostly used by being attached to a remap rule that maps to a host known to support
TLS. If
+the parallel `OUTBOUND` supported is added then this could be done by checking for inbound
TLS both
+outbound TLS in the `SEND_REQUEST_HDR_HOOK`. However this technique may be used for a non-TLS
+upstream if the goal is to require the user agent to connect to |TS| over TLS.

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].

Mime
View raw message