Author Posts

April 19, 2018 at 8:59 pm

Hello

I thought i could set the HSTS per site using

@{
            ShortName          = park
            DNSSuffix          = "123.com"
            SiteAuthors        = ('WebOperator')
            State              = "Started"
            PHP                = "Present"
            IISSharedCustomErrors = 'Enabled'
            IISAnonymousAuth   = 'Enabled'
            IISAnonymousUser   = 'IUSR'
            Enable32Bit        = "Enabled"
            Certificate        = "*********************"
            RuntimeVersion     = 'Disabled'
            HSTS               = 'Present'
            HSTSAge            =  31536000
            Nodes              = ('WEB1', 'WEB2') 
            Applications       = @()
        }

So now each site web.config look like this:
add name="Strict-Transport-Security" value="'max-age=31536000'" /

BUT SSLLabs.com states its invalid. i can see the 31536000 using chrome headers.
anything i can do?

April 19, 2018 at 9:13 pm

What module are you using? For a minute, I thought you were using xWebAdministration, but don't see HSTS anywhere in that module.

April 20, 2018 at 6:57 pm

a custom module for headers.

i see double quotes around the value ="'max-age=31536000'"

April 23, 2018 at 4:43 pm

{
	[CmdletBinding()]
	param
	(
		[parameter(Mandatory = $true)]
		[System.String]
		$Name,

		[System.String]
		$Value,

		[parameter(Mandatory = $true)]
		[System.String]
		$Location,

		[ValidateSet("Present","Absent")]
		[System.String]
		$Ensure
	)

    $Existing = Get-TargetResource -Name $Name -Location $Location

    if ($Ensure -eq 'Present')
    {
        if ($Existing.Ensure -eq 'Present')
        {
            Write-Verbose "Updating  $Name for $Location with value $Value"
            #Set-WebConfigurationProperty -Filter "/system.webServer/httpProtocol/customHeaders" -PSPath MACHINE/WEBROOT/APPHOST -Name Collection -Location $Location -AtElement @{name=$Name} -Value @{name=$Name; value=$Value}
            C:\windows\system32\inetsrv\appcmd.exe set config "$Location" -section:system.webServer/httpProtocol /"customHeaders.[name='$Name'].value:'$Value'"

        }
        else 
        {
            Write-Verbose "Adding  $Name for $Location with Value $Value"
            #Add-WebConfigurationProperty -Filter "/system.webServer/httpProtocol/customHeaders" -PSPath MACHINE/WEBROOT/APPHOST -Name Collection -Location $Location -Value @{name=$Name; value=$Value}
            C:\windows\system32\inetsrv\appcmd.exe set config "$Location" -section:system.webServer/httpProtocol /+"customHeaders.[name='$Name',value='$Value']" 

        }

    }
    else
    {
        Write-Verbose "Removing  $Name from $Location"
        #Remove-WebConfigurationProperty -Filter "/system.webServer/httpProtocol/customHeaders" -PSPath MACHINE/WEBROOT/APPHOST -Name Collection -Location $Location -AtElement @{name=$Name}
        C:\windows\system32\inetsrv\appcmd.exe set config "$Location" -section:system.webServer/httpProtocol /-"customHeaders.[name='$Name']" 

    }
    
}