3.0.8 init

- Fixed rate limit bug  #216
- Added HSTS auto subdomain include check

src/mod/dynamicproxy/customHeader.go

@@ -51,7 +51,13 @@ func (ept *ProxyEndpoint) SplitInboundOutboundHeaders() ([][]string, [][]string)
 
 	//Check if the endpoint require HSTS headers
 	if ept.HSTSMaxAge > 0 {
-		downstreamHeaders[downstreamHeaderCounter] = []string{"Strict-Transport-Security", "max-age=" + strconv.Itoa(int(ept.HSTSMaxAge))}
+		if ept.ContainsWildcardName(true) {
+			//Endpoint listening domain includes wildcards.
+			downstreamHeaders[downstreamHeaderCounter] = []string{"Strict-Transport-Security", "max-age=" + strconv.Itoa(int(ept.HSTSMaxAge)) + "; includeSubdomains"}
+		} else {
+			downstreamHeaders[downstreamHeaderCounter] = []string{"Strict-Transport-Security", "max-age=" + strconv.Itoa(int(ept.HSTSMaxAge))}
+		}
+
 		downstreamHeaderCounter++
 	}
 

src/mod/dynamicproxy/endpoints.go

@@ -133,6 +133,30 @@ func (ep *ProxyEndpoint) AddVirtualDirectoryRule(vdir *VirtualDirectoryEndpoint)
 	return readyRoutingRule, nil
 }
 
+// Check if the proxy endpoint hostname or alias name contains subdomain wildcard
+func (ep *ProxyEndpoint) ContainsWildcardName(skipAliasCheck bool) bool {
+	hostname := ep.RootOrMatchingDomain
+	aliasHostnames := ep.MatchingDomainAlias
+
+	wildcardCheck := func(hostname string) bool {
+		return len(hostname) > 0 && hostname[0] == '*'
+	}
+
+	if wildcardCheck(hostname) {
+		return true
+	}
+
+	if !skipAliasCheck {
+		for _, aliasHostname := range aliasHostnames {
+			if wildcardCheck(aliasHostname) {
+				return true
+			}
+		}
+	}
+
+	return false
+}
+
 // Create a deep clone object of the proxy endpoint
 // Note the returned object is not activated. Call to prepare function before pushing into runtime
 func (ep *ProxyEndpoint) Clone() *ProxyEndpoint {