[BlueOnyx:14569] Re: SSL change after updates?
Christoph Schneeberger
cschnee at box.telemedia.ch
Mon Feb 10 15:34:01 -05 2014
Hi Michael,
On 02/07/2014 07:57 AM, Michael Stauber wrote:
>> For some reason http:// urls are rewriting to https:// for one site (mine).
> That might be due to the new "HTTP Strict Transport Security" feature I
> added: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>
> If you really need it disabled, edit /etc/httpd/conf.d/ssl_perl.conf and
> find the line with 'Header add Strict-Transport-Security' in it and
> comment it out for now.
>
> Then restart httpd and you should be good.
>
> I think I should make this option configurable in the GUI. I'll look
> into that when the dust has settled.
I can confirm the above workaround does the job, unfortunately once you
have visited such a site by https it has the HSTS policy set and will
keep it despite clearing cache etc.
I would vote to have this settable and preferrable be off by default, in
a lot of situations it is undesirable to have the HSTS policy
automatically deployed, as once it is set - it is set for a site for a
quite long time (half a year in our case) and its pretty hard to get rid
of in your browser.
Thanks for considering this.
Cheers,
Christoph
More information about the Blueonyx
mailing list