Hardening your SSL installation

Snapt provides SSL termination/offloading in both the Accelerator and Balancer modules. These are extremely resilient and secure by default, but there are several techniques that can be applied to provide additional security.



  1. Selecting a stronger Cipher preset will protect your servers against BEAST attacks and several other exploits which can be exposed by SSL.
  2. Enable HSTS – HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect secure HTTPS websites against downgrade attacks and cookie hijacking.
  3. Edit the SSL Terminated Balancer group. Navigate to the HTTP Options tab shown below and add a Response Add Header Modification rule with the following value:Strict-Transport-Security:\ max-age=31536000


Was this article helpful?
1 out of 3 found this helpful



Article is closed for comments.