Strict transport security - HxGN SDx - Update 38 - Installation & Upgrade

Infrastructure Planning and Deployment for HxGN SDx


Best practice for an application server exposed to the internet dictates that the server should be configured to communicate over HTTPS only and that any caller attempting to connect over HTTP is redirected to HTTPS.

To configure this behavior, add the following section to the web.config files of both the application server and the authorization server.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Inbound: permanently redirect any request that arrives over plain HTTP to the same host and path on HTTPS -->
        <rule name="HTTP to HTTPs redirect" stopProcessing="true">
          <match url="(.*)"/>
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="True"/>
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent"/>
        </rule>
      </rules>
      <outboundRules>
        <!-- Outbound: set the Strict-Transport-Security response header (one year) on responses served over HTTPS only -->
        <rule name="Add Strict-Transport-Security when HTTPS" enabled="True">
          <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*"/>
          <conditions>
            <add input="{HTTPS}" pattern="on" ignoreCase="true"/>
          </conditions>
          <action type="Rewrite" value="max-age=31536000"/>
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>

The IIS URL Rewrite module must be enabled for this configuration to take effect.
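
The following checker is an added example, not part of the HxGN SDx documentation: it evaluates a captured HTTP response and a captured HTTPS response against the two rules above (301 redirect to the same host and path, and Strict-Transport-Security with max-age of at least 31536000 on HTTPS only). The host name sdx.example.test, the sample responses and all function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

MIN_MAX_AGE = 31536000  # the max-age the outbound rule above sets (one year)

def _lower(headers):
    return {k.lower(): v for k, v in headers.items()}

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives

def check_redirect(request_url, status, headers):
    """Problems in the response to a plain-HTTP request (empty list = OK)."""
    h, req = _lower(headers), urlsplit(request_url)
    loc = urlsplit(h.get("location", ""))
    problems = []
    if status != 301:  # redirectType="Permanent"
        problems.append(f"expected 301, got {status}")
    if loc.scheme != "https":
        problems.append("Location is not an https:// URL")
    if loc.hostname != req.hostname:
        problems.append("redirect changes the host")
    if loc.path.rstrip("/") != req.path.rstrip("/"):
        problems.append("redirect drops the requested path")
    if "strict-transport-security" in h:  # rule is conditioned on {HTTPS}=on
        problems.append("HSTS header sent over plain HTTP")
    return problems

def check_https(headers):
    """Problems in the headers of an HTTPS response (empty list = OK)."""
    raw = _lower(headers).get("strict-transport-security")
    if raw is None:
        return ["Strict-Transport-Security header missing"]
    max_age = parse_hsts(raw).get("max-age", "")
    if not max_age.isdecimal():
        return ["max-age missing or not an integer"]
    if int(max_age) < MIN_MAX_AGE:
        return [f"max-age {max_age} is below {MIN_MAX_AGE}"]
    return []

# Constructed sample responses (not captured from a real server).
HTTP_RESPONSE = (301, {"Location": "https://sdx.example.test/app/login"})
HTTPS_HEADERS = {"Strict-Transport-Security": "max-age=31536000"}

if __name__ == "__main__":
    print(check_redirect("http://sdx.example.test/app/login", *HTTP_RESPONSE))
    print(check_https(HTTPS_HEADERS))
```

Run it against the status code and headers returned by both the application server and the authorization server after the web.config change; an empty list from each function means the rules are in effect.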