locked
How to enable HSTS for asp.net project on IIS 8.5 RRS feed

  • Question

  • User907862759 posted

    I have been looking for how to enable HSTS on ASP.NET application. Finally found a way but I'm a bit confused with the value of tags. Please prefer the XML below, does the values in parentheses indicate that I should replace it with my value or are those a value themself?

    In case if this a wrong or inappropriate way to enable HSTS than any other way is also welcome.

        <rewrite>
          <rules>
            <rule name="HTTP to HTTPS redirect" stopProcessing="true">
              <match url="(.*)" />
              <conditions>
                <add input="{HTTPS}" pattern="off" ignoreCase="true" />
              </conditions>
              <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                  redirectType="Permanent" />
            </rule>
          </rules>
          <outboundRules>
            <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
              <match serverVariable="RESPONSE_Strict_Transport_Security"
                  pattern=".*" />
              <conditions>
                <add input="{HTTPS}" pattern="on" ignoreCase="true" />
              </conditions>
              <action type="Rewrite" value="max-age=expireTime" />
            </rule>
          </outboundRules>
        </rewrite>

    Please guide me through, never worked on HSTS before and couldn't find any examples.

    Thursday, January 23, 2020 10:34 AM

All replies