How To Set Up HSTS Response Header Via Web.Config

    Applies to:
      • Legacy SecureAuth IdP
    Deployment model:
      • On Premises
      • SecureAuth IdP Version: 9.0.2 and below. HSTS is enabled in 9.1 out of the box.

     

    Description:

    This article explains how to set up HSTS response headers using the web.config files of the IIS directories.

    Resolution:

    1. Open up IIS and right-click on your Default Web Site.

    2. From here, right-click on web.config and open it up in your favorite administrative editing tool. I will be using Notepad++.

    3. Paste the following rule in as shown.

      <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
        <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
        <conditions>
          <add input="{HTTPS}" pattern="on" ignoreCase="true" />
        </conditions>
        <action type="Rewrite" value="max-age=31536000" />
      </rule>



      Once that is set, you're done! You have now enabled HSTS!
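
      A check for the finished file, added here as an example and not part of the original article or SecureAuth's own tooling: it parses a web.config and confirms the rule from step 3 sits under `<system.webServer><rewrite><outboundRules>` (where URL Rewrite outbound rules live), is enabled, keeps its `{HTTPS}` condition, and rewrites a `max-age` value. The function name `audit_hsts_rule`, the `min_max_age` threshold and the sample configurations are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

HSTS_VAR = "RESPONSE_Strict_Transport_Security"  # server variable the article's rule rewrites

def _is_hsts(rule):
    match = rule.find("match")
    return match is not None and match.get("serverVariable", "").lower() == HSTS_VAR.lower()

def audit_hsts_rule(web_config_xml, min_max_age=31536000):
    """Return a list of findings; an empty list means the rule matches the article's."""
    root = ET.fromstring(web_config_xml)
    rules = [r for r in root.findall("system.webServer/rewrite/outboundRules/rule") if _is_hsts(r)]
    if not rules:
        # Distinguish "pasted into the wrong section" from "never added".
        misplaced = any(_is_hsts(r) for r in root.iter("rule"))
        return ["HSTS rule is not inside <outboundRules>" if misplaced else "no HSTS rule found"]
    findings = []
    for rule in rules:
        name = rule.get("name", "(unnamed)")
        if rule.get("enabled", "true").lower() != "true":
            findings.append(f"{name}: rule is disabled")
        # The {HTTPS} condition keeps the header off plain-HTTP responses.
        conds = rule.findall("conditions/add")
        if not any(c.get("input") == "{HTTPS}" and c.get("pattern", "").strip("^$").lower() == "on"
                   for c in conds):
            findings.append(f"{name}: no {{HTTPS}} = on condition")
        action = rule.find("action")
        value = action.get("value", "") if action is not None else ""
        m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
        if action is None or action.get("type", "").lower() != "rewrite" or m is None:
            findings.append(f"{name}: action does not rewrite a max-age value")
        elif int(m.group(1)) < min_max_age:  # threshold is an assumption, defaulting to the article's value
            findings.append(f"{name}: max-age {m.group(1)} is below {min_max_age}")
    return findings

# Constructed sample: the article's rule inside a minimal web.config.
RULE = """<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
  <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
  <conditions><add input="{HTTPS}" pattern="on" ignoreCase="true" /></conditions>
  <action type="Rewrite" value="max-age=31536000" />
</rule>"""
GOOD = ("<configuration><system.webServer><rewrite><outboundRules>" + RULE +
        "</outboundRules></rewrite></system.webServer></configuration>")
MISPLACED = GOOD.replace("outboundRules", "rules")  # rule pasted into the inbound section
WEAK = GOOD.replace("31536000", "300")              # constructed short max-age

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("misplaced", MISPLACED), ("weak", WEAK)):
        print(label, audit_hsts_rule(cfg) or "OK")
```

      Run it against a copy of the edited web.config by passing the file's text to `audit_hsts_rule`; an empty list means the rule is in place as the article describes.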