Snapt provides SSL termination/offloading in both the Accelerator and Balancer modules. These are extremely resilient and secure by default, but there are several techniques that can be applied to provide additional security.
- Select a stronger Cipher preset. This will protect your servers against BEAST attacks and several other exploits that SSL can expose.
- Enable HSTS – HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect secure HTTPS websites against downgrade attacks and cookie hijacking.
- Edit the SSL Terminated Balancer group. Navigate to the HTTP Options tab and add a Response Add Header Modification rule with the following value: Strict-Transport-Security: max-age=31536000
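
Once the rule is saved, the header the balancer actually sends is worth checking. The following is an added example, not Snapt code: it parses the header block of an HTTPS response and validates the Strict-Transport-Security value using the RFC 6797 rules. The function names and the sample responses are constructed for illustration.

```python
import re

MIN_MAX_AGE = 31536000  # one year, the value used in the rule above

def parse_hsts(value):
    """Parse an HSTS value (RFC 6797 6.1); return directives or None if invalid."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue
        if name in directives:               # a repeated directive invalidates the header
            return None
        directives[name] = arg.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                          # max-age is required and must be digits
    return directives

def check_response(raw_head, min_age=MIN_MAX_AGE):
    """Return (ok, reason) for the header block of one HTTPS response."""
    values = [line.split(":", 1)[1].strip()
              for line in raw_head.split("\r\n")[1:]   # skip the status line
              if line.lower().startswith("strict-transport-security:")]
    if not values:
        return False, "header missing"
    policy = parse_hsts(values[0])           # browsers process only the first HSTS field
    if policy is None:
        return False, "header malformed"
    age = int(policy["max-age"])
    if age == 0:
        return False, "max-age=0 removes the policy"
    if age < min_age:
        return False, f"max-age {age} below {min_age}"
    return True, f"max-age {age}"

# Constructed sample responses (not captured from a real balancer).
SAMPLES = {
    "rule applied": "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n",
    "rule absent": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "short lifetime": "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=300\r\n\r\n",
    "duplicate directive": "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000; max-age=0\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(label, check_response(head))
```

Browsers ignore this header on plain HTTP responses, so run the check against the response served by the SSL terminated group.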