Add HTTPS enforcement and security headers

realcoding2003 · realcoding2003 · commit b8e9ed86ce76 · 2025-06-04T14:01:55.000+09:00
- Add enforce_ssl setting to _config.yml
- Add .htaccess with HTTPS redirect and security headers
- Ensure all connections use HTTPS for realcoding.blog
diff --git a/.htaccess b/.htaccess
@@ -0,0 +1,11 @@
+# HTTPS 리다이렉트
+RewriteEngine On
+RewriteCond %{HTTPS} off
+RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+
+# Security Headers
+Header always set X-Frame-Options DENY
+Header always set X-Content-Type-Options nosniff
+Header always set X-XSS-Protection "1; mode=block"
+Header always set Referrer-Policy "strict-origin-when-cross-origin"
+Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
diff --git a/_config.yml b/_config.yml
@@ -3,6 +3,7 @@ title: Real Coding Blog
 description: 실무에서 배운 개발 노하우와 기술적 인사이트를 공유합니다
 url: "https://realcoding.blog"
 baseurl: ""
+enforce_ssl: realcoding.blog
 
 # Author information
 author:
