We configured the apache server to use Header always set Strict-Transport-Security in file "/etc/apache2/sites-enabled/alienvault-ssl.conf"
It works and we got past the PCI vulnerability test. Problem comes when we execute ossim-reconfig (when any change is made and requires reconfig), the setting "Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" gets erased from the config file. Our guess is that during ossim-reconfig, alienvault-ssl.conf file is replaced by a defalut one.
Is there a way to find the original config to add this line?? or a way to prevent the file from override?