4 Nov
2024
4 Nov
'24
8:06 p.m.
In my configuration, I am using Apache to reverse proxy the requests to a uwsgi. After our security office scanned the server, it was shown that HSTS is missing from the HTTPS server. The instructions say to add some lines to /etc/apache2/sites-enabled/. The only file in there is 000-default.conf that holds the configuration, but the VirtualHost is port 80. I am using an F5 to to automatically redirect port 80 to port 443, but it is still showing this vulnerability.
My question is, how can enable the Virtual Host for 443 on the server? Or can that configuration be located somewhere else? Or can I just create a new Virtual Host with the added configuration for mailman?
Thanks, Joe Koral