I'm hosting a number of sites on a single VPS (Debian Jessie, Apache 2.4). One of these sites forces HTTPS. On this and only this site, I would like to set the "Secure Flag" for cookies. I've found loads of resources explaining how to do this for all sites hosted on a server via the apache2.conf
file, like this:
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
But I want Apache to apply this header rewrite only to the one HTTPS site. How do I do that?
Best Answer
Thanks to @JayMcTee's comments, I was able to stumble upon the answer.
To apply the settings to one specific virtual host, simply add the same lines you would to your
apache2.conf
file:...to within your virtual host block. For example:
Then restart Apache (
service apache2 restart
).