HSTS invalid

This topic contains 3 replies, has 2 voices, and was last updated by  Efff dd 4 weeks, 1 day ago.

  • #99280

    Efff dd
    Participant

    Hello

    I thought I could set the HSTS per site using

    @{
        ShortName             = 'park'
        DNSSuffix             = "123.com"
        SiteAuthors           = ('WebOperator')
        State                 = "Started"
        PHP                   = "Present"
        IISSharedCustomErrors = 'Enabled'
        IISAnonymousAuth      = 'Enabled'
        IISAnonymousUser      = 'IUSR'
        Enable32Bit           = "Enabled"
        Certificate           = "*********************"
        RuntimeVersion        = 'Disabled'
        HSTS                  = 'Present'
        HSTSAge               = 31536000
        Nodes                 = ('WEB1', 'WEB2')
        Applications          = @()
    }
    

    So now each site's web.config looks like this:
    <add name="Strict-Transport-Security" value="'max-age=31536000'" />

    BUT SSLLabs.com states it's invalid. I can see the 31536000 using Chrome headers.
    Anything I can do?

  • #99282

    Raymond Piller
    Participant

    What module are you using? For a minute, I thought you were using xWebAdministration, but don't see HSTS anywhere in that module.

  • #99354

    Efff dd
    Participant

    A custom module for headers.

    I see double quotes around the value ="'max-age=31536000'"

  • #99523

    Efff dd
    Participant
    {
    	[CmdletBinding()]
    	param
    	(
    		[parameter(Mandatory = $true)]
    		[System.String]
    		$Name,
    
    		[System.String]
    		$Value,
    
    		[parameter(Mandatory = $true)]
    		[System.String]
    		$Location,
    
    		[ValidateSet("Present","Absent")]
    		[System.String]
    		$Ensure
    	)
    
        $Existing = Get-TargetResource -Name $Name -Location $Location
    
        if ($Ensure -eq 'Present')
        {
            if ($Existing.Ensure -eq 'Present')
            {
                Write-Verbose "Updating  $Name for $Location with value $Value"
                #Set-WebConfigurationProperty -Filter "/system.webServer/httpProtocol/customHeaders" -PSPath MACHINE/WEBROOT/APPHOST -Name Collection -Location $Location -AtElement @{name=$Name} -Value @{name=$Name; value=$Value}
                C:\windows\system32\inetsrv\appcmd.exe set config "$Location" -section:system.webServer/httpProtocol /"customHeaders.[name='$Name'].value:'$Value'"
    
            }
            else 
            {
                Write-Verbose "Adding  $Name for $Location with Value $Value"
                #Add-WebConfigurationProperty -Filter "/system.webServer/httpProtocol/customHeaders" -PSPath MACHINE/WEBROOT/APPHOST -Name Collection -Location $Location -Value @{name=$Name; value=$Value}
                C:\windows\system32\inetsrv\appcmd.exe set config "$Location" -section:system.webServer/httpProtocol /+"customHeaders.[name='$Name',value='$Value']" 
    
            }
    
        }
        else
        {
            Write-Verbose "Removing  $Name from $Location"
            #Remove-WebConfigurationProperty -Filter "/system.webServer/httpProtocol/customHeaders" -PSPath MACHINE/WEBROOT/APPHOST -Name Collection -Location $Location -AtElement @{name=$Name}
            C:\windows\system32\inetsrv\appcmd.exe set config "$Location" -section:system.webServer/httpProtocol /-"customHeaders.[name='$Name']" 
    
        }
        
    }
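
One way to check a site's web.config for the problem discussed in this thread, as an added example that is not part of the thread or the poster's module: it reads the Strict-Transport-Security custom header out of the configuration and validates its value against the RFC 6797 directive grammar. The function names `Test-HstsHeaderValue` and `Get-HstsFromWebConfig` are hypothetical, and the web.config fragments are constructed samples built from the values quoted above.

```powershell
# Added example: hypothetical helpers, constructed sample input.
function Test-HstsHeaderValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)

    # RFC 7230 token characters; note that the single quote is one of them.
    $tok = '[A-Za-z0-9!#$%&''*+.^_`|~-]+'
    # directive = token [ "=" ( token | quoted-string ) ]; only double quotes may wrap a value.
    $rx  = '^(?<name>{0})(\s*=\s*(?<val>"[^"]*"|{0}))?$' -f $tok

    $seen = @{}
    foreach ($part in ($Value -split ';')) {
        $d = $part.Trim()
        if ($d -eq '') { continue }                       # empty directives are permitted
        if ($d -notmatch $rx) {
            return [pscustomobject]@{ Valid = $false; Reason = "malformed directive: $d" }
        }
        $name = $Matches['name'].ToLowerInvariant()       # directive names are case-insensitive
        if ($seen.ContainsKey($name)) {
            return [pscustomobject]@{ Valid = $false; Reason = "duplicate directive: $name" }
        }
        $seen[$name] = "$($Matches['val'])".Trim('"')     # empty string when no value was given
    }
    if (-not $seen.ContainsKey('max-age')) {
        return [pscustomobject]@{ Valid = $false; Reason = 'required max-age directive is missing' }
    }
    if ($seen['max-age'] -notmatch '^\d+$') {
        return [pscustomobject]@{ Valid = $false; Reason = 'max-age is not a non-negative integer' }
    }
    [pscustomobject]@{ Valid = $true; Reason = "max-age=$($seen['max-age'])" }
}

function Get-HstsFromWebConfig {
    param([Parameter(Mandatory)][xml]$Config)
    # XPath is case-sensitive; this assumes the header name is written as below.
    $xpath = "//system.webServer/httpProtocol/customHeaders/add[@name='Strict-Transport-Security']"
    $Config.SelectNodes($xpath) | ForEach-Object { $_.GetAttribute('value') }
}

# Constructed web.config fragments: the quoted value from the thread, then unquoted forms.
$template = '<configuration><system.webServer><httpProtocol><customHeaders>' +
            '<add name="Strict-Transport-Security" value="{0}" />' +
            '</customHeaders></httpProtocol></system.webServer></configuration>'
foreach ($v in "'max-age=31536000'", 'max-age=31536000', 'max-age=31536000; includeSubDomains') {
    $value = Get-HstsFromWebConfig -Config ([xml]($template -f $v))
    $r     = Test-HstsHeaderValue -Value $value
    '{0,-40} Valid={1}  {2}' -f $value, $r.Valid, $r.Reason
}
```

Because the single quote is a legal token character, the value `'max-age=31536000'` parses as an unknown directive named `'max-age`, so the header is rejected for lacking the required `max-age` directive even though the number is visible in the browser.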
    
