Security: HSTS Missing - The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.

Posted: Wednesday, September 30, 2020 9:36:49 PM(UTC)
Grey, Member, Original Poster, Posts: 2
Recent security concerns have brought the lack of HSTS on Lansweeper to light. Is there any way the next patch can resolve this?
Grey attached the following image(s):
hsts lansweeper.png
#1 Caleb, Member, Posts: 19
posted: 10/2/2020 12:23:38 AM(UTC)
If you are hosting Lansweeper using IIS, you can add an HTTP Response Header. https://support.nartac.c...urity-hsts-to-my-website
#2 Grey, Member, Original Poster, Posts: 2
posted: 10/2/2020 2:28:03 PM(UTC)
Originally Posted by: Caleb
If you are hosting Lansweeper using IIS, you can add an HTTP Response Header. https://support.nartac.c...urity-hsts-to-my-website


How does this apply to the default IIS Express, which does not have the standard IIS manager?
#3 Caleb, Member, Posts: 19
posted: 10/2/2020 4:35:45 PM(UTC)
Originally Posted by: Grey
Originally Posted by: Caleb
If you are hosting Lansweeper using IIS, you can add an HTTP Response Header. https://support.nartac.c...urity-hsts-to-my-website


How does this apply to the default IIS Express, which does not have the standard IIS manager?


Per Microsoft's documentation, something like this should work.

Code:
<site name="Lansweeper" id="1" serverAutoStart="true">
    <application path="/" applicationPool="Clr4IntegratedAppPool">
        <virtualDirectory path="/" physicalPath="C:\Program Files (x86)\Lansweeper\website" />
    </application>
    <bindings>
        <binding protocol="https" bindingInformation="*:443:" />
    </bindings>
    <hsts enabled="true" max-age="31536000" includeSubDomains="true" />
</site>


https://docs.microsoft.c...sts#configuration-sample

I haven't tested, so proceed with caution by making backups and testing in dev first, etc.

Microsoft recommends that you set the max age to a shorter value during testing. https://docs.microsoft.c...t-security-protocol-hsts

Hope this helps.
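
To confirm that the scanner finding in the thread title is cleared after a change like the one in post #3, the response header itself can be checked. The following is an added example, not part of the thread or of Lansweeper; it works for any server's header rather than only IIS Express, and the names `parse_hsts`, `audit_hsts`, the `MIN_MAX_AGE` threshold and the sample headers are assumptions constructed for illustration.

```python
import re

MIN_MAX_AGE = 31536000  # assumed policy floor (one year), not from the thread

def parse_hsts(value):
    """Parse an HSTS value into {directive: value or None} (RFC 6797 sec. 6.1):
    names are case-insensitive, values may be quoted, and a repeated
    directive makes the header invalid (ValueError)."""
    directives = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, sep, val = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val.strip().strip('"') if sep else None
    return directives

def audit_hsts(headers):
    """Findings for one HTTPS response's headers (names case-insensitive); [] = OK."""
    value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if value is None:
        return ["missing: no Strict-Transport-Security header"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid: {exc}"]
    max_age = d.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return ["invalid: max-age is required and must be an integer"]
    findings = []
    if int(max_age) == 0:
        findings.append("disabled: max-age=0 makes browsers drop the policy")
    elif int(max_age) < MIN_MAX_AGE:
        findings.append(f"weak: max-age={max_age} is below {MIN_MAX_AGE}")
    if "includesubdomains" not in d:
        findings.append("note: includeSubDomains not set")
    return findings

# Constructed sample responses, not captured from a real Lansweeper server.
SAMPLES = {
    "before": {"Content-Type": "text/html"},
    "configured": {"strict-transport-security": "max-age=31536000; includeSubDomains"},
    "testing": {"Strict-Transport-Security": 'max-age="300"'},
    "duplicate": {"Strict-Transport-Security": "max-age=300; max-age=31536000"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, audit_hsts(hdrs) or ["ok"])
```

Feed it the headers of a response fetched over HTTPS, since HSTS is only honoured on secure connections.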
