Bug report or support / feature request? - Is update 3.1.13 causing vhosts to comment out hsts (header strict-transport-security) entries in ip:443 directives
Perhaps this isn't an error, but is how IspConfig3 works. Perhaps each time we save a site it re-writes the vhost directive from a template thus commenting out once again the HSTS lines we uncommented. I imagine that we are suppossed to add these 3 lines in the Apache directives text area of each site created. This is a little onerous for many sites. How do you suggest that we auto-enable the HSTS for all sites created? Would adding the lines to 000-default.vhost mean that all new sites created wold have the HSTS uncommented?
We are having https browser errors since this update to 3.1.13, and it appears it is because our site vhosts are being re-written to comment out the uncommented hsts (header strict-transport-security) entries in ipv4:443 and ipv6:443 directives. Can you confirm why is this happening? This is with apache 2.4 latest on debian stretch updated. It also appreas to be happening on jessie with apache 2.4