Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: 6.18.0
Affects Version/s: None
Component/s: Foreman Proxy
Labels:

Story Points:
5
Target Version:

6.18.0
Blocked:
False
Severity:
Important
Sprint:
Satellite Endeavour Sprint 3
AssignedTeam:
sat-endeavour

Release Note Type:
None
Release Note Text:
None
Release Note Status:
None

PX Impact Score:
PX Priority Data:
PX Review Complete:
SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Test Coverage:
None

Market:

Problem Statement

Enable HTTP Strict Transport Security (HSTS) on the foreman-proxy daemon in Red Hat Satellite. Currently, security scanners flag it as non-compliant, creating issues with security exceptions. Enabling HSTS will improve compliance and reduce the need for variances, enhancing user experience in enterprise environments.

User Experience & Workflow

End-State: Foreman-proxy enforces HSTS, resolving compliance issues.

Requirements

A setting to enable HSTS on the foreman-proxy daemon

Business Impact

Without HSTS, security scanners will continue to flag non-compliance, complicating security exception processes and impacting enterprise security posture and efficiency.

depends on

SAT-34194 Add HSTS middleware by ekohl · Pull Request #905 · theforeman/smart-proxy · GitHub

Closed

is cloned by

SAT-34970 foreman-proxy lacks HSTS support

Closed

links to

RHBA-2025:155337 Important: Satellite 6.18.0 new version release

What is HSTS header, how to enable or disable its support in the RedHat Satellite 6 Server, and why certain ports do not offer HSTS?

Assignee:: Ewoud Kohl van Wijngaarden

Reporter:: Camila Cortes

QA Contact:: Lukas Pramuk

Votes:: 2 Vote for this issue

Watchers:: 13 Start watching this issue

Created:: 2024/09/11 10:58 PM

Updated:: 2025/11/04 5:13 PM

Resolved:: 2025/11/04 5:13 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates