How to add HSTS protocol in wcf service/ Adding Strict Transport security to my Raw response data [Resolved]

Posted by Self-Innovator under WCF on 1/23/2018 | Points: 10 | Views : 5459 | Status : [Member] | Replies : 1

Write New Post |

Search Forums | Answered

Resolved Posts |

Un Answered Posts |

Forums Home

Hi All,

I'm new to soapui, here my requirement i sto add an Strict Transport Security protocol to my WCF service and it has to be tested via SOAPUI tool.
I'm facing the issues when trying to add HSTS (Strict -Transposrt Security) protocol in my service.

I have added the following code in my web.config file to enable HSTS in my service

<system.webServer>
    <rewrite>
      <rules>
        <rule name="HTTP to HTTPS redirect" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
              redirectType="Permanent" />
        </rule>
      </rules>
      <outboundRules>
        <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security"
              pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" ignoreCase="true" />
          </conditions>
          <action type="Rewrite" value="max-age=31536000" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>

I'm getting the following error in my SOAPUI response I was facing the error as IIS 7.5 Detailed Error - 500.19 - Internal Server Error
when browsed i got one solution to modify the following line in

 <section name="handlers" overrideModeDefault="Deny" />

   <section name="handlers" overrideModeDefault="Allow" />

%windir%\system32\inetsrv\config\ApplicationHost.config file but still it's not working.

Is there someone can help me out.
Thanks in Advance

Join Hands Change lives
Thanks & Regards
Straight Edge Society

[Resolved]

Reply | Reply with Attachment

Alert Moderator

Responses

Posted by: Self-Innovator on: 1/24/2018 [Member] Bronze | Points: 25

0	It worked via IIS GUI setup. I have done the below steps to bring up the HSTS (Strict-Transport-Security protocol) in the soap ui Step 1: Open inetmgr (in cmd) -> Click on Sites -> Default Websites> Double click on Http Response Headers Step 2: Click on Add under actions sections menu in top right Step 3: Name:Strict-Transport-Security and Value: max-age=63072000; includeSubDomains; preload Step 4: Install URL rewrite (http://www.iis.net/downloads/microsoft/url-rewrite) in not present already Values ====== 1 year: 31536000 2 year: 63072000 Join Hands Change lives Thanks & Regards Straight Edge Society Self-Innovator, if this helps please login to Mark As Answer. \| Alert Moderator

It worked via IIS GUI setup.

I have done the below steps to bring up the HSTS (Strict-Transport-Security protocol) in the soap ui

Step 1: Open inetmgr (in cmd) -> Click on Sites -> Default Websites> Double click on Http Response Headers

Step 2: Click on Add under actions sections menu in top right

Step 3: Name:Strict-Transport-Security and Value: max-age=63072000; includeSubDomains; preload

Step 4: Install URL rewrite (http://www.iis.net/downloads/microsoft/url-rewrite) in not present already

Values
======
1 year: 31536000
2 year: 63072000

Join Hands Change lives
Thanks & Regards
Straight Edge Society

Self-Innovator, if this helps please login to Mark As Answer. | Alert Moderator

Latest Posts