I can not enable HSTS

[Émerson Felinto]

I would like to enable HSTS on my Litespeed server and I'm following the steps in this tutorial:
https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:hsts-setup
But in the step of selecting my Virtual Host, it simply does not appear anything. There is no option I can click to follow the rest of the tutorial. How do I resolve this to enable HSTS?

 

[Tishu]

Hello,

If you are using apache like config, please see the first part of the quote wiki.

 

[Émerson Felinto]

If you are using apache like config, please see the first part of the quote wiki.

Hello,
I do not know exactly what you're talking about. I just installed Litespeed on my cPanel server using the steps that the Litespeed WIKI gives me.

 

[Pong]

For cpanel, LiteSpeed will use Apache configuration. you should choose "Using Apache Configs" Not "Using LSWS-Native Configs", basically add the following in .htaccess
Header always set Strict-Transport-Security "max-age=31536000"

 

[Émerson Felinto]

Got it!
I have several sites on my server and I can not add this policy to every .htaccess. Can you provide me information on how I can apply this across all sites?

 

[Pong]

then you can add it to cpanel pre_main_global setting

 

[Émerson Felinto]

I activated HSTS via Apache but I did not notice any changes in the headers. Am I testing the wrong way? How do I know that HSTS is active?

 

[Jon K]

You can use SSL Labs to check if HSTS is enabled. https://www.ssllabs.com/ssltest/index.html

 

[Émerson Felinto]

It's working, it's fantastic, thank you !!!!
But I was really wrong about how HSTS works. I thought that sites with HTTP would automatically be redirected to HTTPS versions. Could you tell me why this did not happen and how do I solve it?

 

[Jon K]

HSTS just states to use HTTPS over HTTP once it is being used. If you still have links that force http:// then they will still go the insecure route. You will need to create rewrite rules to force requests http -> https.