0
I need to include headers from CSP within Apache HTTPD.
Configuration I currently have:
servor_backend
IP: 10.10.10.11
WebServer: Apache Tomcat 6
Port: 8080 (http), 8009 (ajp)
servor_frontend
IP: 10.10.10.12
WebServer: Apache HTTPD
Port: 82 (http), 8443 (https)
My configuration file in /etc/httpd/conf.d/www.exemplo.com.br.conf :
<VirtualHost *:82>
ServerName www.exemplo.com.br
Redirect permanent / https://www.exemplo.com.br:8443/
</VirtualHost>
<VirtualHost _default_:8443>
ServerName www.exemplo.com.br
SSLEngine on
SSLCertificateFile /etc/ssl/certs/exemplo.com.br.crt
SSLCertificateChainFile /etc/ssl/certs/exemplo.com.br-ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/exemplo.com.br.key
TimeOut 1800
ProxyTimeOut 1800
ProxyPass / http://10.10.10.12:8080/
ProxyPassReverse / http://10.10.10.12:8080/
</VirtualHost>
I tried to use the documentation Apache HTTP to include headers, but did not take effect.
Configuration I used:
LoadModule headers_module modules/mod_headers.so
<VirtualHost *:82>
ServerName www.exemplo.com.br
Header set Content-Security-Policy "upgrade-insecure-requests;"
RequestHeader set Content-Security-Policy "upgrade-insecure-requests;"
Redirect permanent / https://www.exemplo.com.br:8443/
</VirtualHost>
...
Since I use a Proxypassreverson, I cannot make use of the .htaccess.
I need a path indication, or guidance on how to proceed. Any comments are welcome.