author | Ermal Luçi <eri@pfsense.org> | 2014-02-18 08:53:57 +0100 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2014-02-18 08:53:57 +0100 |
commit | 51889bc74c3735422163eac27e630a8e5ee7164b (patch) | |
tree | c790ec00522988ca5ffbd54dd11ad82d2249d7ba | |
parent | 2c3d0d5ae18c82daf20043a2b89035eeb633e20b (diff) | |
parent | fdc63dbf757a94105ff1bf9d295fcc4047f34ea4 (diff) | |
Merge pull request #591 from PiBa-NL/hap_strict_security
haproxy-devel, option for "HTTP Strict Transport Security" (HSTS)
-rw-r--r-- | config/haproxy-devel/haproxy.inc | 4 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_pool_edit.php | 18 |
2 files changed, 22 insertions, 0 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index 7f65e814..4713a2d1 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -560,6 +560,10 @@ function write_backend($fd, $name, $pool, $frontend) {
 if ($optioncheck) fwrite ($fd, "\toption\t\t\t{$optioncheck}\n");
+ if ($pool["strict_transport_security"] && is_numeric($pool["strict_transport_security"])){
+ fwrite ($fd, "\trspadd Strict-Transport-Security:\ max-age={$pool["strict_transport_security"]};\n");
+ }
+
 if ($pool['advanced_backend']) {
 $adv_be = explode("\n", base64_decode($pool['advanced_backend']));
 foreach($adv_be as $adv_line) {
diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php
index 3bc3ff9d..27519429 100644
--- a/config/haproxy-devel/haproxy_pool_edit.php
+++ b/config/haproxy-devel/haproxy_pool_edit.php
@@ -189,6 +189,9 @@ if ($_POST) {
 if ($server_port && !is_numeric($server_port)) $input_errors[] = "The field 'Port' value is not a number.";
 }
+
+ if ($_POST['strict_transport_security'] !== "" && !is_numeric($_POST['strict_transport_security']))
+ $input_errors[] = "The field 'Strict-Transport-Security' is not empty or a number.";
 if (!$input_errors) {
 $pool = array();
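Review bot: `is_numeric()` in the new `write_backend` condition in haproxy.inc also accepts values such as `-1`, `1.5` or `1e3`, none of which is a valid `max-age`, and browsers ignore a malformed Strict-Transport-Security header, so the protection would silently not apply. The truthiness test additionally drops `"0"`, so an administrator cannot publish `max-age=0` to withdraw the policy from clients that already cached it. I would test for digits only, `if (isset($pool['strict_transport_security']) && ctype_digit((string)$pool['strict_transport_security'])) {`, and use the same digit check in place of `is_numeric()` in the `$_POST` validation added to haproxy_pool_edit.php. write_backend starts and continues outside the hunk.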
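Review bot: The new error text `is not empty or a number` in haproxy_pool_edit.php reads as if empty input were the fault, while the check actually allows either empty or numeric input. Something like `"The field 'Strict-Transport-Security' must be empty or a whole number of seconds."` states the rule the administrator has to satisfy. The surrounding `if ($_POST)` block starts and ends outside the hunk, so whether the value is trimmed before this test is not visible here.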
@@ -789,6 +792,21 @@ set by the 'retries' parameter.</div>
 </td>
 </tr>
 <tr><td> </td></tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Advanced</td>
+ </tr>
+ <tr class="" align="left" id='Strict-Transport-Security'>
+ <td width="22%" valign="top" class="vncell">Strict-Transport-Security</td>
+ <td width="78%" class="vtable" colspan="2">
+ When configured enables "HTTP Strict Transport Security" leave empty to disable.<br/>
+ <b>WARNING! the domain will only work over https with a valid certificate!</b><br/>
+ <input id="strict_transport_security" name="strict_transport_security" type="text" <?if(isset($pconfig['strict_transport_security'])) echo "value=\"{$pconfig['strict_transport_security']}\"";?> size="20" /> Seconds<br/>
+ If configured clients that requested the page with this setting active will not be able to visit this domain over a unencrypted http connection.
+ So make sure you understand the consequence of this setting or start with a really low value.<br/>
+ EXAMPLE: 60 for testing if you are absolutely sure you want this 31536000 (12 months) would be good for production.
+ </td>
+ </tr>
+ <tr><td> </td></tr>
 <tr align="left">
 <td width="22%" valign="top"> </td>
 <td width="78%"> |
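Review bot: The `value` attribute of the new `strict_transport_security` input echoes `$pconfig['strict_transport_security']` without HTML escaping. If `$pconfig` is repopulated from the submitted form when validation fails (not visible in this hunk), a non-numeric submission would be written into the page verbatim. I would escape at output, `<?php if (isset($pconfig['strict_transport_security'])) echo 'value="' . htmlspecialchars($pconfig['strict_transport_security']) . '"'; ?>`, which also avoids relying on the short `<?` open tag. The help text could add that `max-age` is cached per client, so lowering or clearing the field later does not release browsers that already stored a long value.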