Bobcares
Client Area
Emergency Support
Apache | Latest | Server Management

Disable HSTS in apache

by | Apr 13, 2022

Wondering how to disable HSTS in Apache? We can help you.

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team help a customer  deal with this query.

How to disable HSTS in Apache?

HTTP Strict Transport Security Policy (HSTS) protects your websites from malicious attacks such as man-in-the-middle attacks, clickjacking and protocol downgrades.

It allows servers to specify that browsers and other compliant clients must only request HTTPS/SSL URLs directly.

Today, let us see the steps followed by our Support Techs to disable it:

  • Firstly, open configuration file

Open virtual host configuration file for your website at /etc/apache2/sites-available.

If you have not created a virtual host file, open the default virtual host configuration file in a text editor.

$ sudo vi /etc/apache2/sites-available/000-default.conf

  • Disable HSTS in Apache

Here, look for the following line

Header always set Strict-Transport-Security ...

If you find it, then remove it or comment it by adding # at its beginning.

If you are unable to find this line, run the following command to find the files where the above header is present.

$ sudo grep -nr "Strict-Transport-Security" /etc/apache2/sites-available

The output will list all files in /etc/apache2/sites-available that contain the above header directive.

If you still cannot find it, then look into the server configuration file at any of the following locations, depending on your installation:

  1. /etc/apache2/httpd.conf
  2. /etc/apache2/apache2.conf
  3. /etc/httpd/httpd.conf
  4. /etc/httpd/conf/httpd.conf

Since HSTS is disabled by default in Apache, it cannot have enable unless someone explicitly did so using server configuration file or virtual configuration file.

So it is important to find the right file where HSTS is enable and disable it.

  • Restart Apache Server

Finally, restart Apache server to apply changes.

$ sudo service apache2 restart

[Need a solution to another query? We are just a click away.]

Conclusion

Today, we saw steps followed by our Support Engineers to disable HSTS in Apache.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

Related posts:

  1. Apache ssl_error_rx_record_too_long – How we fix!!
  2. SSLSessionCache: ‘shmcb’ session cache not supported – Resolve it now
  3. How to create a Self-Signed SSL Certificate for Apache in CentOS 8
  4. How to disable HSTS in Apache

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. Apache ssl_error_rx_record_too_long – How we fix!!
  2. SSLSessionCache: ‘shmcb’ session cache not supported – Resolve it now
  3. How to create a Self-Signed SSL Certificate for Apache in CentOS 8
  4. How to disable HSTS in Apache

Never again lose customers to poor
server speed! Let us help you.

GET STARTED