How to enable HSTS on a cPanel server?

From PheonixSolutions
Jump to navigation Jump to search

Introduction

[edit]

Enabling HTTP Strict Transport Security (HSTS) on a cPanel server is crucial for enhancing the security of websites by enforcing secure connections. This article provides a step-by-step guide on how to configure HSTS settings within the cPanel environment.

Prerequisites

[edit]

Before proceeding with the implementation of HSTS, ensure the following prerequisites are met:

1. Access to WHM (Web Host Manager) as the 'root' user.

2. Familiarity with navigating WHM and Apache configuration settings.

3. Understanding of the implications and benefits of HSTS for website security.

Procedure

[edit]

Follow these steps to enable HSTS on your cPanel server:

Step 1: Log into WHM as the 'root' user.

Step 2: Navigate to "WHM / Service Configuration / Apache Configuration."

Step 3: Click "Include Editor."

Step 4: Select "All Versions" from the drop-down menu under "Pre-Main Include."

Step 5: Add the provided code snippet within the editor. 

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure"
Header always set X-Frame-Options "sameorigin"
Header setifempty Referrer-Policy: same-origin
Header set X-XSS-Protection "1; mode=block"
Header set X-Permitted-Cross-Domain-Policies "none"
Header set Referrer-Policy "no-referrer"
Header set X-Content-Type-Options: nosniff
</IfModule>

Step 6: Click the "Update" button.

Step 7: Click the "Restart Apache" button.

Confirmation:

To verify that HSTS has been successfully implemented on your site, execute the following command:

read -p "Domain: " domain ; curl -sI https://${domain}/ | grep -i Strict-Transport-Security

Conclusion

[edit]

Enabling HSTS on your cPanel server is a critical step towards bolstering the security posture of your websites. By enforcing secure connections and mitigating certain types of attacks, such as protocol downgrade attacks, HSTS helps safeguard sensitive user data and enhances trustworthiness. Following the outlined procedure ensures that your websites benefit from the added protection afforded by HSTS.

Retrieved from "https://wiki.pheonixsolutions.com/index.php?title=How_to_enable_HSTS_on_a_cPanel_server%3F&oldid=1709"