Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/221064
Change subject: HTTPS: raise production's HSTS to 6 months
......................................................................
HTTPS: raise production's HSTS to 6 months
(or, actually, half a year )
Change-Id: Ib46a62783ce99a8f9133362df27f9ced12b07aab
---
M modules/varnish/templates/vcl/wikimedia.vcl.erb
1 file changed, 1 insertion(+), 4 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/64/221064/1
diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb
b/modules/varnish/templates/vcl/wikimedia.vcl.erb
index 9a5c9da..ff72356 100644
--- a/modules/varnish/templates/vcl/wikimedia.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb
@@ -223,11 +223,8 @@
// HSTS to reach a client, the client implicitly has to have already
// successfully reached us over HTTPS for the given domainname.
if (req.http.X-Forwarded-Proto == "https") {
- if (req.http.Host ~ "(?i)^ru\.") {
+ if (!resp.http.Strict-Transport-Security) {
set resp.http.Strict-Transport-Security =
"max-age=15768000";
- }
- else if (!resp.http.Strict-Transport-Security) {
- set resp.http.Strict-Transport-Security =
"max-age=1209600";
}
}
}
--
To view, visit https://gerrit.wikimedia.org/r/221064
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib46a62783ce99a8f9133362df27f9ced12b07aab
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
