Bobcares

How to disable HSTS in Apache

by | Oct 27, 2021

Disable HSTS in Apache with the help of our skilled Support Engineers.

At Bobcares, we often come up with elegant and easy solutions to solve different issues as a part of our Server Management Services.

Let’s take a look at how our Support Team recently helped one of our customers disable their HSTS.

All about HSTS in Apache

HSTS, also known as HTTP Strict Transport Security Policy, protects your websites from attacks like clickjacking, protocol downgrades, man-in-the-middle attacks and so on. Furthermore, HSTS allows servers to ensure only HTTPS/SSL URLs are requested by browsers and other compliant clients.

However, if you are looking for a way to disable HSTS on your site, our Support Team is here to help you out.

How to disable HSTS in Apache

    1. First, open the virtual host configuration file of the website. It is usually located in /etc/apache2/sites-available. If a virtual host file does not exist, open the default virtual host configuration in a text editor:
      $ sudo vi /etc/apache2/sites-available/000-default.conf
    2. Then, locate the following line and either remove it or comment it out by adding # at the beginning:
      Header always set Strict-Transport-Security ...

      If you are not able to locate the file, run this command:

      $ sudo grep -nr "Strict-Transport-Security" /etc/apache2/sites-available

      The output lists every file in that directory that contains the Strict-Transport-Security header directive, along with the line number of each match.

      Our Support Techs recommend looking in the following files (depending on the installation) as well if you haven’t located the configuration yet:

      • /etc/httpd/httpd.conf
      • /etc/apache2/httpd.conf
      • /etc/httpd/conf/httpd.conf
      • /etc/apache2/apache2.conf

      According to our Support Engineers, it is essential to find the file where HSTS is enabled and disable it there.

      By default, HSTS is disabled in Apache unless it has been enabled specifically. In other words, locate the configuration file that enables it and disable HSTS in that file.

    3. After that, restart the Apache server to apply the changes made in the previous steps:
      $ sudo service apache2 restart

Verify that the change worked with an online tool like Qualys SSL Labs.
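The steps above can also be scripted. The following is an added example, not part of the original article: it finds every *.conf file with an uncommented HSTS directive, comments the directive out while keeping a backup, and checks a set of response headers for the HSTS header. The function names and the sample virtual host are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and sample data are constructed.
# Active (uncommented) Header directive that sets HSTS; Apache directive names are case-insensitive.
HSTS_RE='^[[:space:]]*Header[[:space:]].*Strict-Transport-Security'

# List *.conf files under directory $1 that contain an active HSTS directive.
hsts_files() {
    find "$1" -type f -name '*.conf' -exec grep -liE "$HSTS_RE" {} + 2>/dev/null
}

# Comment out active HSTS directives in file $1; the original is kept as $1.bak.
comment_out_hsts() {
    cp -p "$1" "$1.bak" || return 1
    awk 'tolower($0) ~ /^[ \t]*header[ \t].*strict-transport-security/ { sub(/[^ \t]/, "# &") }
         { print }' "$1.bak" > "$1"
}

# Apply comment_out_hsts to every matching file under directory $1.
disable_hsts() {
    hsts_files "$1" | while IFS= read -r f; do
        comment_out_hsts "$f" && echo "disabled HSTS in $f (backup: $f.bak)"
    done
}

# Read HTTP response headers on stdin; succeed if an HSTS header is still being sent.
# Usage against a live site: curl -sI https://example.com/ | sends_hsts
sends_hsts() {
    grep -qiE '^Strict-Transport-Security[[:space:]]*:'
}

# Demo on a constructed vhost file in a temporary directory (nothing under /etc is touched).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/000-default.conf" <<'EOF'
<VirtualHost *:443>
    ServerName example.test
    # Header always set Strict-Transport-Security "max-age=300"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Header always set X-Frame-Options "DENY"
</VirtualHost>
EOF
    disable_hsts "$d"
    cat "$d/000-default.conf"
    rm -rf "$d"
}
demo
```

Browsers that received the header earlier keep enforcing HTTPS for the site until the cached max-age expires, so a response without the header does not mean existing clients have dropped the policy.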

Conclusion

In brief, the experienced Support Engineers at Bobcares demonstrated how to disable HSTS in Apache with ease.
