Forum Discussion
IanB
May 17, 2016Employee
HSTS is enabled on the management interface via apache's configuration file (which is not intended to be user-modifiable)
/config/httpd/conf/httpd.conf
Restrict to https, with HSTS policy lasting for 6 months, allowing subdomains
Header set Strict-Transport-Security "max-age=16070400; includeSubDomains"
I'm curious as to exactly what problem this is causing for you - all it should be doing is ensuring that you access the GUI via https, rather than http. Can you advise the specifics on how it affects you ?