User Tools

Site Tools


Sidebar

LUCY MANUAL Applies to LUCY versions above 4.7

hsts_policy

How to Enable/Disable HSTS Policy for Admin Panel

HSTS policy is enabled on every single Lucy instance by default. One can check whether the policy is enabled via dev tools in the Chrome browser. Simply proceed to Lucy admin console and send Ctrl+Shift+C hotkey combination. There proceed to the Network tab and open the Headers section.

To enable/disable the header on the instance follow these steps:

1. Open ssh connection to the instance
2. Open the apache SSL config

nano /etc/apache2/sites-enabled/phishing-ssl.conf

3. Add or remove the following line at the beginning of the file (after <VirtualHost *:443> tag):

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains;"

5. Restart the apache server:

service apache2 reload
service apache2 restart
hsts_policy.txt · Last modified: 2021/11/05 15:17 by lucysecurity