war59312 Posted June 30, 2015 ID:972923

Hi,

Please enable Strict Transport Security (HSTS) for malwarebytes.org.

After all, it seems you are forcing https already, so why not truly enforce it? Especially now that IE 11 supports HSTS as well.

Easy enough:

# Add six month HSTS header for all users...
Header always set Strict-Transport-Security "max-age=15768000"
# If you want to protect all subdomains, use the following header..
# ALL subdomains HAVE TO support HTTPS if you use this!
# Header always set Strict-Transport-Security: "max-age=15768000 ; includeSubDomains"

Yeah, that's it. One line to add HSTS support. Can't get easier than that.

Thanks,
Will

Root Admin AdvancedSetup Posted June 30, 2015 ID:973020

Thank you for your input.

https://www.owasp.org/index.php/HTTP_Strict_Transport_Security

Use caution when setting excessively strict STS policies. Including subdomains should only be used in environments where all sites within your organization for the given domain name require ssl. Max-age limits should be carefully considered as infrequent visitors may find your site inaccessible if you relax your policy.

war59312 Posted July 1, 2015 Author ID:973400

True enough. So you can just do the home page and the forums.

Category: Malware and Phishing
Group: Staff
IP: x.x.x.x
Reason: Content of type Malware and Phishing blocked: Domain/URL filtering
URL: https://www.owasp.org

Afraid that site is blocked, lol.
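
An added example, not part of the thread: a small Python check that parses a Strict-Transport-Security value the way RFC 6797 describes and flags the two points raised above (the six-month max-age and the includeSubDomains caution). The function names and the `all_subdomains_https` flag are assumptions made for this illustration; the sample header is constructed from the one in the first post.

```python
import re

SIX_MONTHS = 15768000  # max-age proposed in the first post

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns (max_age_seconds, include_subdomains); raises ValueError if invalid.
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen[name] = arg.strip()
    if "max-age" not in seen:
        raise ValueError("max-age directive is required")
    m = re.fullmatch(r'"([0-9]+)"|([0-9]+)', seen["max-age"])
    if not m:
        raise ValueError("invalid max-age: " + seen["max-age"])
    return int(m.group(1) or m.group(2)), "includesubdomains" in seen

def review(headers, all_subdomains_https):
    """Return findings for one HTTPS response; headers is [(name, value)]."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return ["no HSTS header: HTTPS is redirected to, not enforced"]
    try:
        # Browsers process only the first HSTS header field (RFC 6797, 8.1).
        max_age, subdomains = parse_hsts(values[0])
    except ValueError as err:
        return ["header ignored by browsers: %s" % err]
    findings = []
    if max_age == 0:
        findings.append("max-age=0 removes any stored policy")
    elif max_age < SIX_MONTHS:
        findings.append("max-age below the six months proposed in the thread")
    if subdomains and not all_subdomains_https:
        findings.append("includeSubDomains set, but some subdomain lacks HTTPS")
    return findings

# Constructed sample: the second header from the thread, on a domain where
# not every subdomain serves HTTPS.
SAMPLE = [("Strict-Transport-Security", "max-age=15768000 ; includeSubDomains")]
if __name__ == "__main__":
    print(review(SAMPLE, all_subdomains_https=False))
```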