authorPiBa-NL <pba_2k3@yahoo.com>2014-02-17 23:10:50 +0100
committerPiBa-NL <pba_2k3@yahoo.com>2014-02-17 23:10:50 +0100
commitfdc63dbf757a94105ff1bf9d295fcc4047f34ea4 (patch)
treef42fde0d6dcbb6c95957c28e5b11db54b6cd6f2c
parent6615c6528165b39b0ed692cb3f52d28a7ad94c48 (diff)
haproxy-devel, option for "HTTP Strict Transport Security" HTST
-rw-r--r--config/haproxy-devel/haproxy.inc4
-rw-r--r--config/haproxy-devel/haproxy_pool_edit.php18
2 files changed, 22 insertions, 0 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index 7f65e814..4713a2d1 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -560,6 +560,10 @@ function write_backend($fd, $name, $pool, $frontend) {
if ($optioncheck)
fwrite ($fd, "\toption\t\t\t{$optioncheck}\n");
+ if ($pool["strict_transport_security"] && is_numeric($pool["strict_transport_security"])){
+ fwrite ($fd, "\trspadd Strict-Transport-Security:\ max-age={$pool["strict_transport_security"]};\n");
+ }
+
if ($pool['advanced_backend']) {
$adv_be = explode("\n", base64_decode($pool['advanced_backend']));
foreach($adv_be as $adv_line) {
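Review bot: The guard on the first added line accepts values that are not a valid HSTS max-age: `is_numeric()` passes floats, exponent notation such as `1e3` and strings with leading whitespace, and whatever passes is written verbatim into the `rspadd` line, while RFC 6797 defines max-age as an unsigned decimal number of seconds. It also reads the key without `isset()`, so pools saved before this option existed raise an undefined-index notice every time the config is written. A digits-only check covers both: `if (isset($pool["strict_transport_security"]) && ctype_digit((string)$pool["strict_transport_security"])) {`. The same `is_numeric()` test is used for the form validation in the haproxy_pool_edit.php hunk and should be tightened the same way so the two agree. write_backend continues outside the hunk.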
diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php
index 3bc3ff9d..27519429 100644
--- a/config/haproxy-devel/haproxy_pool_edit.php
+++ b/config/haproxy-devel/haproxy_pool_edit.php
@@ -189,6 +189,9 @@ if ($_POST) {
if ($server_port && !is_numeric($server_port))
$input_errors[] = "The field 'Port' value is not a number.";
}
+
+ if ($_POST['strict_transport_security'] !== "" && !is_numeric($_POST['strict_transport_security']))
+ $input_errors[] = "The field 'Strict-Transport-Security' is not empty or a number.";
if (!$input_errors) {
$pool = array();
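Review bot: Nothing in this commit copies the validated `$_POST['strict_transport_security']` into `$pool` or loads it into `$pconfig`; the diffstat's 18 insertions for this file are all in this hunk and the form markup, so unless the file copies fields generically further down (not visible here), the setting never reaches write_backend. The check also reads the key without `isset()`, so a submission lacking the field yields `null !== ""` and then a spurious error; prefer `if (isset($_POST['strict_transport_security']) && $_POST['strict_transport_security'] !== "" && !is_numeric($_POST['strict_transport_security']))`. The message reads oddly as written; `"The field 'Strict-Transport-Security' must be empty or a number of seconds."` states what is expected. The enclosing `if ($_POST)` block starts and ends outside the hunk.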
@@ -789,6 +792,21 @@ set by the 'retries' parameter.</div>
</td>
</tr>
<tr><td>&nbsp;</td></tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Advanced</td>
+ </tr>
+ <tr class="" align="left" id='Strict-Transport-Security'>
+ <td width="22%" valign="top" class="vncell">Strict-Transport-Security</td>
+ <td width="78%" class="vtable" colspan="2">
+ When configured enables "HTTP Strict Transport Security" leave empty to disable.<br/>
+ <b>WARNING! the domain will only work over https with a valid certificate!</b><br/>
+ <input id="strict_transport_security" name="strict_transport_security" type="text" <?if(isset($pconfig['strict_transport_security'])) echo "value=\"{$pconfig['strict_transport_security']}\"";?> size="20" /> Seconds<br/>
+ If configured clients that requested the page with this setting active will not be able to visit this domain over a unencrypted http connection.
+ So make sure you understand the consequence of this setting or start with a really low value.<br/>
+ EXAMPLE: 60 for testing if you are absolutely sure you want this 31536000 (12 months) would be good for production.
+ </td>
+ </tr>
+ <tr><td>&nbsp;</td></tr>
<tr align="left">
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
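Review bot: The `value` attribute of the `strict_transport_security` input echoes `$pconfig['strict_transport_security']` unescaped; if the page repopulates `$pconfig` from `$_POST` on a validation error, as I cannot confirm from this hunk, whatever was typed lands in the attribute verbatim. Escape at output regardless of the numeric check on save, and use the full open tag since `<?` depends on `short_open_tag`: `<?php if (isset($pconfig['strict_transport_security'])) echo 'value="' . htmlspecialchars($pconfig['strict_transport_security']) . '"'; ?>`. The help text could add that browsers only honour the header when it arrives over HTTPS, so the option has no effect on a frontend that is not TLS-terminated, and "a unencrypted" should read "an unencrypted". The surrounding table markup continues outside the hunk.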