0

Our cycber security have recommended the introduction of HTTP Strict-Transport-Security response headers, but cannot see anywhere in VisualSVN (or the configuration of it) to do this.

This is for VisualSVN Enterprise 4.2.2 (using Apache 1.10.6) running on Windows 2019 DataCenter.

I see no separate installation of Apache, no presence of a httpd.exe on the server and there's a header warning in the httpd.conf file which advises tha the conf will be overwritten when/if the VisualSVN service is started.

Improve this question

1 Answer 1

Reset to default
0

You can add the following line to the %VISUALSVN_SERVER%conf\httpd-custom.conf file and restart the VisualSVN Server service:

Header always set Strict-Transport-Security "max-age=31536000"

Note that you may need to replace the max-age value with another one depending on your requirements.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.