Security: HSTS Missing - The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.

Posted: Wednesday, September 30, 2020 9:36:49 PM(UTC)
Grey
Member, Original Poster, Posts: 2
Recent security concerns have brought the lack of HSTS on Lansweeper to light. Is there any way the next patch can resolve this?
Grey attached the following image(s):
hsts lansweeper.png
#1 Caleb, Member, Posts: 19
posted: 10/2/2020 12:23:38 AM(UTC)
If you are hosting Lansweeper using IIS, you can add an HTTP Response Header. https://support.nartac.c...urity-hsts-to-my-website
#2 Grey, Member, Original Poster, Posts: 2
posted: 10/2/2020 2:28:03 PM(UTC)
Originally Posted by: Caleb
If you are hosting Lansweeper using IIS, you can add an HTTP Response Header. https://support.nartac.c...urity-hsts-to-my-website


How does this apply to the default IIS Express, which does not have the standard IIS manager?
#3 Caleb, Member, Posts: 19
posted: 10/2/2020 4:35:45 PM(UTC)
Originally Posted by: Grey
Originally Posted by: Caleb
If you are hosting Lansweeper using IIS, you can add an HTTP Response Header. https://support.nartac.c...urity-hsts-to-my-website


How does this apply to the default IIS Express, which does not have the standard IIS manager?


Per Microsoft's documentation, something like this should work.

Code:
<site name="Lansweeper" id="1" serverAutoStart="true">
    <application path="/" applicationPool="Clr4IntegratedAppPool">
        <virtualDirectory path="/" physicalPath="C:\Program Files (x86)\Lansweeper\website" />
    </application>
    <bindings>
        <binding protocol="https" bindingInformation="*:443:" />
    </bindings>
    <hsts enabled="true" max-age="31536000" includeSubDomains="true" />
</site>


https://docs.microsoft.c...sts#configuration-sample

I haven't tested, so proceed with caution by making backups and testing in dev first, etc.

Microsoft recommends that you set the max age to a shorter value during testing. https://docs.microsoft.c...t-security-protocol-hsts

Hope this helps.
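
To confirm that a change like the ones suggested above actually clears the scanner finding, the response headers can be checked against the RFC 6797 rules. This is an added example, not code from the thread or from Lansweeper; the function names `parse_hsts` and `audit` are hypothetical, and header values are passed in as (name, value) pairs captured from the server's HTTPS response.

```python
import re

# RFC 7230 "token" characters; a directive value may also be a quoted-string.
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# Lenient on whitespace around "=" so a loosely formatted header is still read.
_DIRECTIVE = re.compile(rf'({_TOKEN})(?:\s*=\s*({_TOKEN}|"[^"]*"))?')
ONE_YEAR = 31536000  # the max-age used in the config posted above


def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None means browsers ignore it."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives (";;") are allowed
            continue
        m = _DIRECTIVE.fullmatch(part)
        if not m:                         # malformed syntax voids the header
            return None
        name, val = m.group(1).lower(), m.group(2)   # names are case-insensitive
        if name in directives:            # each directive may appear only once
            return None
        directives[name] = val.strip('"') if val is not None else None
    age = directives.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return None                       # max-age is required, digits only
    directives["max-age"] = int(age)
    return directives


def audit(headers, min_age=ONE_YEAR):
    """Return findings for one HTTPS response's (name, value) header pairs."""
    sts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not sts:
        return ["HSTS missing"]
    findings = []
    if len(sts) > 1:
        findings.append("multiple HSTS headers; only the first is processed")
    policy = parse_hsts(sts[0])
    if policy is None:
        return findings + ["HSTS header invalid; browsers will ignore it"]
    if policy["max-age"] == 0:
        findings.append("max-age=0 tells browsers to forget the HSTS policy")
    elif policy["max-age"] < min_age:
        findings.append(f"max-age {policy['max-age']} below {min_age}")
    if "includesubdomains" not in policy:
        findings.append("includeSubDomains not set")
    return findings
```

While testing with a short max-age, as the Microsoft guidance mentioned above recommends, pass a matching `min_age` so the short value is not reported.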
