HTTPS and HSTS on Apache/mod_wsgi and Django
问题 I'm setting up site-wide HTTPS for my Django 1.8 project. I am not experienced in web security. I'm setting up HTTP to HTTPS redirect and HSTS. Right now, I was configuring this on my Apache/mod_wsgi Web Server (I'm using a PaaS so I configure it through the .htaccess file on the WSGI root): wsgi/.htaccess # Redirect HTTP to HTTPS RewriteEngine on RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R,L] # Add HSTS header Header always set Strict