How to add HSTS protocol in WCF service / Adding Strict-Transport-Security to my raw response data [Resolved]

Posted by Self-Innovator under WCF on 1/23/2018 | Points: 10 | Views : 704 | Status : [Member] | Replies : 1
Hi All,

I'm new to SoapUI. My requirement is to add the Strict-Transport-Security protocol to my WCF service, and it has to be tested via the SoapUI tool.
I'm facing issues when trying to add the HSTS (Strict-Transport-Security) protocol to my service.


I have added the following code in my web.config file to enable HSTS in my service:

<system.webServer>
  <!-- The <rewrite> section requires the IIS URL Rewrite module -->
  <rewrite>
    <rules>
      <!-- Redirect plain-HTTP requests to the same host and path over HTTPS (301) -->
      <rule name="HTTP to HTTPS redirect" stopProcessing="true">
        <match url="(.*)" />
        <conditions>
          <add input="{HTTPS}" pattern="off" ignoreCase="true" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
      </rule>
    </rules>
    <outboundRules>
      <!-- On HTTPS responses only, set Strict-Transport-Security to one year -->
      <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
        <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
        <conditions>
          <add input="{HTTPS}" pattern="on" ignoreCase="true" />
        </conditions>
        <action type="Rewrite" value="max-age=31536000" />
      </rule>
    </outboundRules>
  </rewrite>
</system.webServer>


I'm getting the following error in my SoapUI response: IIS 7.5 Detailed Error - 500.19 - Internal Server Error.
When I browsed, I found one solution, which is to modify the following line in the %windir%\system32\inetsrv\config\ApplicationHost.config file
  <section name="handlers" overrideModeDefault="Deny" />
to
  <section name="handlers" overrideModeDefault="Allow" />
but it's still not working.

Is there someone who can help me out?
Thanks in advance

Join Hands Change lives
Thanks & Regards
Straight Edge Society



Responses

Posted by: Self-Innovator on: 1/24/2018 [Member] Bronze | Points: 25


Resolved
It worked via IIS GUI setup.

I have done the steps below to bring up HSTS (the Strict-Transport-Security protocol) in SoapUI:

Step 1: Open inetmgr (in cmd) -> Click on Sites -> Default Websites -> Double-click on HTTP Response Headers

Step 2: Click on Add under the Actions section menu in the top right

Step 3: Name: Strict-Transport-Security and Value: max-age=63072000; includeSubDomains; preload

Step 4: Install URL Rewrite (http://www.iis.net/downloads/microsoft/url-rewrite) if not present already



Values
======
1 year: 31536000
2 years: 63072000


Join Hands Change lives
Thanks & Regards
Straight Edge Society
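
An added example, not part of the original posts: a Python check for the Strict-Transport-Security value a test client such as SoapUI shows in the raw response, following the RFC 6797 parsing rules (case-insensitive directive names, no repeated directives, max-age required, header ignored over plain HTTP). The function names and the one-year threshold are assumptions of this example; the sample values in its test are the two header values from the posts above.

```python
import re

# One directive: name [ "=" ( token | quoted-string ) ], per RFC 6797 section 6.1
_DIRECTIVE = re.compile(r'^\s*([^\s;="]+)\s*(?:=\s*("[^"]*"|[^\s;="]+))?\s*$')
ONE_YEAR = 31536000  # the "1 year" value listed in the post


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into a policy dict.

    Raises ValueError where a client would discard the header: malformed
    directive, repeated directive, or missing/non-numeric max-age.
    """
    directives = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # empty segments (e.g. a trailing ';') are allowed
        m = _DIRECTIVE.match(part)
        if not m:
            raise ValueError(f"malformed directive: {part.strip()!r}")
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError(f"directive repeated: {name}")
        directives[name] = (m.group(2) or "").strip('"')
    age = directives.get("max-age", "")
    if not re.fullmatch(r"[0-9]+", age):
        raise ValueError("max-age missing or not a non-negative integer")
    return {
        "max_age": int(age),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }


def audit_hsts(value, scheme="https"):
    """Return a list of findings for one response; empty means no issues."""
    if scheme != "https":
        return ["header sent over plain HTTP: browsers ignore it there"]
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid header: {exc}"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 removes the HSTS policy")
    elif policy["max_age"] < ONE_YEAR:
        findings.append("max-age below one year")
    if policy["preload"] and not policy["include_subdomains"]:
        findings.append("preload without includeSubDomains")
    return findings
```

Pass `scheme="http"` when auditing the response to a plain-HTTP request: a header added through HTTP Response Headers is attached to every response, while the outbound rewrite rule in the question only sets it when `{HTTPS}` is on.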
