I have a NextCloud implementation that is running behind my Sophos XG Firewall. The host is a LAMP stack that is SSL enabled, however the SSL translation is currently happening on the Sophos XG Firewall.
When I look at the NextCloud administrative interface, it warns me about an issue The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds.
I have the Apache webserver set so when I browse to the https interface from inside the network, I do not get the warning, I only get it when browsing from outside the network.
Is there a way to configure this in the Firewall?
The firewall rule is set such:
Hosted Server:
HTTPS = checked
Redirect HTTP = checked
Listening port = 443
HTTPS Certificate = set
Protected Server:
Set
Access Permission:
Allowed Client = Any IPv4
Blocked Client = empty
Authentication = none
Exceptions:
None
Advanced:
Policies
Protection = None
Intrusion Prevention = WAN to LAN
Traffic Shaping = none
Additional Options:
Disable Compression Support = unchecked
Rewrite HTML = checked
Rewrite cookies = checked
Pass Host Header = unchecked
This thread was automatically locked due to age.