[%# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.
#%]
[%
title = "Advanced"
desc = "Settings for advanced configurations."
%]
[% sts_desc = BLOCK %]
Enables the sending of the
Strict-Transport-Security
header along with HTTP responses on SSL connections. This adds greater
security to your SSL connections by forcing the browser to always
access your domain over SSL and never accept an invalid certificate.
However, it should only be used if you have the ssl_redirect
parameter turned on, Bugzilla is the only thing running
on its domain (i.e., your urlbase
is something like
http://bugzilla.example.com/
), and you never plan to disable
the ssl_redirect
parameter.
includeSubDomains
flag, which will apply the
security change to all subdomains. This is especially useful when
combined with an attachment_base
that exists as (a)
subdomain(s) under the main Bugzilla domain.
X-Forwarded-For
header sent from those IPs,"
_ " and use the value of that header as the end user's IP address."
_ " If set to a *, $terms.Bugzilla will trust the first value in the "
_ " X-Forwarded-For header.",
proxy_url =>
"Bugzilla may have to access the web to get notifications about"
_ " new releases (see the upgrade_notification parameter)."
_ " If your Bugzilla server is behind a proxy, it may be"
_ " necessary to enter its URL if the web server cannot access the"
_ " HTTP_PROXY environment variable. If you have to authenticate,"
_ " use the http://user:pass@proxy_url/
syntax.",
strict_transport_security => sts_desc,
} %]