php5.2 does not support openssl, php – HSTS header not sent although the rule is present and mod_headers is enabled

顾俊哲
2023-12-01

We enabled HSTS in httpd.conf, in the virtual host that handles port 443. We tried it both with and without <IfModule mod_headers.c>:

Header set Strict-Transport-Security "max-age=10886400; includeSubDomains"

However, the server does not include the header in its response. Below is the output from curl over HTTPS:

> GET / HTTP/1.1

> Host: www.cryptopp.com

> User-Agent: curl/7.51.0

> Accept: */*

>

< HTTP/1.1 200 OK

< Date: Sat, 05 Nov 2016 22:49:25 GMT

< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips

< Last-Modified: Wed, 02 Nov 2016 01:27:08 GMT

< ETag: "8988-5404756e12afc"

< Accept-Ranges: bytes

< Content-Length: 35208

< Vary: Accept-Encoding

< Content-Type: text/html; charset=UTF-8

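The relevant part of httpd.conf is shown below. The cURL transcript is shown below. Apache shows that mod_headers is loaded, and grepping all the logs does not reveal an error.

The Apache version is Apache/2.4.6 (CentOS). The PHP version is 5.4.16 (cli) (built: Aug 11 2016 21:24:59). The MediaWiki version is 1.26.4.

What could the problem be, and how can I fix it?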

httpd.conf

ServerName www.cryptopp.com

ServerAlias *.cryptopp.com *.cryptopp.* cryptopp.com

RewriteEngine On

RewriteCond %{REQUEST_METHOD} ^TRACE

RewriteRule .* - [F]

RewriteCond %{REQUEST_METHOD} ^TRACK

RewriteRule .* - [F]

#redirect all port 80 traffic to 443

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^/?(.*) https://www.cryptopp.com/$1 [L,R]

ServerName www.cryptopp.com

ServerAlias *.cryptopp.com *.cryptopp.* cryptopp.com

Header set Strict-Transport-Security "max-age=10886400; includeSubDomains"

mod_headers

# cat /etc/httpd/conf.modules.d/00-base.conf | grep headers

LoadModule headers_module modules/mod_headers.so

# httpd -t -D DUMP_MODULES | grep header

headers_module (shared)

Error logs

# grep -IR "Strict-Transport-Security" /etc

/etc/httpd/conf/httpd.conf: Header set Strict-Transport-Security "max-age=10886400; includeSubDomains" env=HTTPS

# grep -IR "Strict-Transport-Security" /var/log/

# grep -IR "mod_headers" /var/log/

#

.htaccess

# find /var/www -name '.htaccess' -printf '%p\n' -exec cat {} \;

/var/www/html/w/cache/.htaccess

Deny from all

/var/www/html/w/languages/.htaccess

Deny from all

/var/www/html/w/extensions/MobileFrontend/dev-scripts/.htaccess

Deny from all

/var/www/html/w/maintenance/archives/.htaccess

Deny from all

/var/www/html/w/maintenance/.htaccess

Deny from all

/var/www/html/w/serialized/.htaccess

Deny from all

/var/www/html/w/images/temp/.htaccess

# Protect against bug 28235

RewriteEngine On

RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase]

RewriteRule . - [forbidden]

/var/www/html/w/images/.htaccess

# Protect against bug 28235

RewriteEngine On

RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase]

RewriteRule . - [forbidden]

# Fix for bug T64289

Options +FollowSymLinks

/var/www/html/w/images/deleted/.htaccess

Deny from all

/var/www/html/w/includes/.htaccess

Deny from all

/var/www/html/.htaccess

RewriteEngine on

RewriteRule ^wiki/?(.*)$ /w/index.php?title=$1 [L,QSA]

SetOutputFilter DEFLATE

cURL transcript

$ /usr/local/bin/curl -Lv cryptopp.com

* Rebuilt URL to: cryptopp.com/

* Trying 192.210.150.121...

* TCP_NODELAY set

* Connected to cryptopp.com (192.210.150.121) port 80 (#0)

> GET / HTTP/1.1

> Host: cryptopp.com

> User-Agent: curl/7.51.0

> Accept: */*

>

< HTTP/1.1 302 Found

< Date: Sat, 05 Nov 2016 22:49:25 GMT

< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips

< Location: https://www.cryptopp.com/

< Content-Length: 209

< Content-Type: text/html; charset=iso-8859-1

<

* Ignoring the response-body

* Curl_http_done: called premature == 0

* Connection #0 to host cryptopp.com left intact

* Issue another request to this URL: 'https://www.cryptopp.com/'

* Trying 192.210.150.121...

* TCP_NODELAY set

* Connected to www.cryptopp.com (192.210.150.121) port 443 (#1)

* ALPN, offering http/1.1

* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH

* successfully set certificate verify locations:

* CAfile: /opt/local/share/curl/curl-ca-bundle.crt

CApath: none

* TLSv1.2 (OUT), TLS header, Certificate Status (22):

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server key exchange (12):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Client hello (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* TLSv1.2 (IN), TLS change cipher, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384

* ALPN, server did not agree to a protocol

* Server certificate:

* subject: OU=Domain Control Validated; OU=COMODO SSL Unified Communications

* start date: Sep 17 00:00:00 2015 GMT

* expire date: Sep 16 23:59:59 2018 GMT

* subjectAltName: host "www.cryptopp.com" matched cert's "www.cryptopp.com"

* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA

* SSL certificate verify ok.

> GET / HTTP/1.1

> Host: www.cryptopp.com

> User-Agent: curl/7.51.0

> Accept: */*

>

< HTTP/1.1 200 OK

< Date: Sat, 05 Nov 2016 22:49:25 GMT

< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips

< Last-Modified: Wed, 02 Nov 2016 01:27:08 GMT

< ETag: "8988-5404756e12afc"

< Accept-Ranges: bytes

< Content-Length: 35208

< Vary: Accept-Encoding

< Content-Type: text/html; charset=UTF-8

<


"http://www.w3.org/TR/html4/loose.dtd">

Crypto++ Library 5.6.5 | Free C++ Class Library of Cryptographic Schemes

"free C++ library for cryptography: includes ciphers, message authentication codes, one-way hash functions, public-key cryptosystems, key agreement schemes, and deflate compression">

...
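
An added example, not part of the original question: a small checker that reads a `curl -Lv` transcript like the one above and reports, for each response received over TLS, whether `Strict-Transport-Security` was sent and what policy it carries. The function names (`parse_responses`, `parse_hsts`, `audit`) are hypothetical, and `SAMPLE` is a constructed, abridged transcript.

```python
import re

CONNECT = re.compile(r"^\* Connected to (\S+) ")

# Constructed sample, abridged from the kind of `curl -Lv` output shown above.
SAMPLE = """\
* Connected to cryptopp.com (192.210.150.121) port 80 (#0)
< HTTP/1.1 302 Found
<
* Connected to www.cryptopp.com (192.210.150.121) port 443 (#1)
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
< HTTP/1.1 200 OK
< Vary: Accept-Encoding
<
"""

def parse_responses(transcript):
    """Split `curl -v` output into responses with host, TLS flag and headers."""
    out, conn, cur = [], {"host": None, "tls": False}, None
    for line in map(str.strip, transcript.splitlines()):
        m = CONNECT.match(line)
        if m:
            conn = {"host": m.group(1), "tls": False}
        elif line.startswith("* SSL connection using"):
            conn["tls"] = True
        elif line.startswith("< HTTP/"):
            cur = dict(conn, status=int(line.split()[2]), headers={})
            out.append(cur)
        elif line == "<":
            cur = None  # empty header line ends this response's headers
        elif line.startswith("< ") and cur and ":" in line:
            name, value = line[2:].split(":", 1)
            cur["headers"][name.strip().lower()] = value.strip()
    return out

def parse_hsts(value):
    """Return (max_age or None, include_subdomains) from an STS header value."""
    d = dict(p.strip().lower().partition("=")[::2] for p in value.split(";"))
    age = d.get("max-age", "").strip('" ')
    return (int(age) if age.isdigit() else None, "includesubdomains" in d)

def audit(transcript):
    """(host, policy) per TLS response; policy is None when the header is absent.
    Plain-HTTP hops are skipped: browsers ignore HSTS received over plain HTTP."""
    results = []
    for r in parse_responses(transcript):
        sts = r["headers"].get("strict-transport-security")
        if r["tls"]:
            results.append((r["host"], parse_hsts(sts) if sts is not None else None))
    return results
```

Calling `audit()` on a saved transcript returns `None` as the policy for any HTTPS response that lacks the header, which is the condition described in the question.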
