Majic Ansible Roles / Closed Enhancement MAR-68 Set-up HSTS policy for web server roles when TLS is enforced
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Enhancement
  • Category
    Security
  • Targeted for
    1.1.0
  • Status
    Closed
  • Progress
  • Priority
    Must fix before next release
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
Times and dates
  • Estimated time
    2 hours
  • Time spent
    1 hour
Issue details
  • Resolution
    RESOLVED
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Description

When HTTPS is enforced for the web server roles, the server should also send connecting clients a meaningful HSTS (HTTP Strict Transport Security) policy. The policy tells a client that every subsequent connection to the host, until the policy's max-age expires, must be made over HTTPS and never over plain HTTP; the client then rewrites http:// URLs for that host to https:// itself and refuses to proceed past a certificate error.

This helps against cookie hijacking (a browser will no longer send the site's cookies in a plain HTTP request that an on-path attacker could read) and against downgrade attacks that try to keep the client on HTTP instead of HTTPS. Note that the header is only honoured when received over HTTPS, so it must be set on the TLS-enabled server configuration only.

The following needs to be done:

  • Update the web_server role.
  • Update the php_website role.
  • Update the wsgi_website role.
  • Update role reference documentation.
  • Mention the feature in the usage instructions where the web server roles are discussed.
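A way to verify what the roles end up sending, as an added example that is not code from Majic Ansible Roles: the checker below parses a Strict-Transport-Security header the way a browser does (RFC 6797 directive syntax, mandatory max-age, duplicates invalid, only the first header honoured, nothing honoured over plain HTTP) and flags the weak configurations a deployment should not ship. The response headers are constructed inline, and the one-year minimum and the preload-list requirements (includeSubDomains plus max-age of at least one year) are assumptions of this example, not something the issue specifies.

```python
"""Validate an HSTS (RFC 6797) policy as a browser would receive it.

Added example for this issue; it is not code from Majic Ansible Roles.
Response headers below are constructed inline so the check runs offline.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

ONE_YEAR = 365 * 24 * 3600  # 31536000 s: assumed minimum, also the preload-list requirement

Header = Tuple[str, str]


@dataclass
class HstsPolicy:
    max_age: Optional[int] = None
    include_subdomains: bool = False
    preload: bool = False
    problems: List[str] = field(default_factory=list)


def parse_hsts(value: str) -> HstsPolicy:
    """Parse the directive list of one Strict-Transport-Security header value.

    RFC 6797 section 6.1: directives are ';'-separated, names are
    case-insensitive, max-age is mandatory, and a repeated directive makes
    the header invalid. Unknown directives are ignored for extensibility.
    """
    policy = HstsPolicy()
    seen = set()
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        name, _, directive_value = raw.partition("=")
        name = name.strip().lower()
        directive_value = directive_value.strip().strip('"')
        if name in seen:
            policy.problems.append(f"duplicate directive {name!r}")
            continue
        seen.add(name)
        if name == "max-age":
            if directive_value.isdigit():
                policy.max_age = int(directive_value)
            else:
                policy.problems.append(
                    f"max-age must be a non-negative integer, got {directive_value!r}")
        elif name == "includesubdomains":
            policy.include_subdomains = True
        elif name == "preload":
            policy.preload = True
    if policy.max_age is None:
        policy.problems.append("max-age directive is required")
    return policy


def check_hsts(scheme: str, headers: List[Header], min_age: int = ONE_YEAR) -> List[str]:
    """Return the list of problems with the HSTS policy of one response.

    Mirrors client behaviour: the header is only honoured on an HTTPS
    response, only the first occurrence counts, and max-age=0 deletes a
    stored policy rather than setting one.
    """
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        # RFC 6797 section 8.1: a client MUST ignore HSTS over plain HTTP.
        return (["HSTS header sent over plain HTTP; clients must ignore it"] if values
                else ["plain HTTP response carries no policy; it should redirect to HTTPS"])
    if not values:
        return ["no Strict-Transport-Security header on HTTPS response"]
    problems = []
    if len(values) > 1:
        problems.append("multiple Strict-Transport-Security headers; only the first is used")
    policy = parse_hsts(values[0])
    problems.extend(policy.problems)
    if policy.max_age == 0:
        problems.append("max-age=0 removes the policy instead of setting one")
    elif policy.max_age is not None and policy.max_age < min_age:
        problems.append(f"max-age {policy.max_age} is shorter than {min_age} seconds")
    if policy.preload and (not policy.include_subdomains or (policy.max_age or 0) < ONE_YEAR):
        problems.append("preload requires includeSubDomains and max-age of at least one year")
    return problems


# Constructed responses for the demonstration (not captured from any real server).
SAMPLE_RESPONSES = {
    "good": ("https", [("Content-Type", "text/html"),
                       ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    "short": ("https", [("Strict-Transport-Security", "max-age=300")]),
    "over_http": ("http", [("Strict-Transport-Security", "max-age=31536000")]),
    "no_max_age": ("https", [("Strict-Transport-Security", "includeSubDomains; preload")]),
}


def audit(responses=SAMPLE_RESPONSES):
    """Run check_hsts over every sample and map name -> list of problems."""
    return {name: check_hsts(scheme, headers) for name, (scheme, headers) in responses.items()}


if __name__ == "__main__":
    for name, problems in audit().items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

To use it against a real deployment, replace SAMPLE_RESPONSES with the scheme and header list of an actual response (for example from http.client or requests) and run check_hsts on both the plain HTTP and the HTTPS endpoint: the HTTP one should redirect and carry no policy, the HTTPS one should carry a single header with a long max-age.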
Todos (0 / 0)
There are no comments