SecureAuth IdP Version: 9.0.2 and below. HSTS is enabled in 9.1 out of the box.
Description:
This article explains how to set up HSTS (HTTP Strict Transport Security) response headers using the web.config files of the IIS directories.
Resolution:
- Open up IIS and right-click on your Default Web Site.
- From here, right-click on web.config and open it in your favorite administrative editing tool. I will be using Notepad++.
- Paste in the following rule as shown.
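    <!-- Outbound rule for the IIS URL Rewrite module; it belongs inside <system.webServer><rewrite><outboundRules>. -->
    <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
      <!-- Set the Strict-Transport-Security response header... -->
      <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
      <conditions>
        <!-- ...only when the request arrived over HTTPS. -->
        <add input="{HTTPS}" pattern="on" ignoreCase="true" />
      </conditions>
      <!-- max-age is in seconds: 31536000 = one year. -->
      <action type="Rewrite" value="max-age=31536000" />
    </rule>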
Once that is set, you're done! You now have enabled HSTS!
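To confirm that the rule was saved the way the steps above intend, the following added example (not SecureAuth code) audits a web.config for the HSTS outbound rule. The function name `audit_hsts`, the `wrap` helper, the `MIN_MAX_AGE` threshold and the weak sample rule are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

HSTS_VAR = "response_strict_transport_security"
MIN_MAX_AGE = 31536000  # assumption: require at least the article's one-year value

def audit_hsts(web_config_xml):
    """Return a list of findings; an empty list means the rule looks correct."""
    root = ET.fromstring(web_config_xml)
    rules = [r for sec in root.iter("outboundRules") for r in sec.findall("rule")
             if r.find("match") is not None
             and r.find("match").get("serverVariable", "").lower() == HSTS_VAR]
    if not rules:
        return ["no outbound rule sets RESPONSE_Strict_Transport_Security"]
    findings = []
    for rule in rules:
        name = rule.get("name", "(unnamed)")
        if rule.get("enabled", "true").lower() != "true":
            findings.append(f"{name}: rule is disabled")
        # The header must only be added to responses served over HTTPS.
        if not any(c.get("input", "").upper() == "{HTTPS}"
                   and c.get("pattern", "").lower() == "on"
                   for c in rule.iter("add")):
            findings.append(f"{name}: no {{HTTPS}} = on condition")
        action = rule.find("action")
        value = action.get("value", "") if action is not None else ""
        max_age = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
        if action is None or action.get("type", "").lower() != "rewrite":
            findings.append(f"{name}: action is not a Rewrite")
        elif max_age is None:
            findings.append(f"{name}: value has no max-age directive")
        elif int(max_age.group(1)) < MIN_MAX_AGE:
            findings.append(f"{name}: max-age {max_age.group(1)} is below {MIN_MAX_AGE}")
    return findings

def wrap(rule_xml):  # hypothetical helper: places a rule in a minimal web.config
    return ("<configuration><system.webServer><rewrite><outboundRules>"
            + rule_xml + "</outboundRules></rewrite></system.webServer></configuration>")

# The article's rule, and a constructed weak variant for comparison.
GOOD = wrap('<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">'
            '<match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />'
            '<conditions><add input="{HTTPS}" pattern="on" ignoreCase="true" /></conditions>'
            '<action type="Rewrite" value="max-age=31536000" /></rule>')
WEAK = wrap('<rule name="hsts-test" enabled="false">'
            '<match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />'
            '<action type="Rewrite" value="max-age=300" /></rule>')

if __name__ == "__main__":
    for label, cfg in (("article rule", GOOD), ("constructed weak rule", WEAK)):
        print(label, "->", audit_hsts(cfg) or "OK")
```

To audit a real site, pass the text of its web.config to `audit_hsts`; any finding means the header will be missing or weaker than the configuration in this article.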