question

JaxPlanet-9550 avatar image
0 Votes"
JaxPlanet-9550 asked SamWu-MSFT answered

Enable HTTP Strict Transport Security (HSTS) on Server 2016 1607

Please help me enable HSTS in Windows Server 2016 1607.

Thank you in advance.

windows-server-iis
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SamWu-MSFT avatar image
0 Votes"
SamWu-MSFT answered

Hi @JaxPlanet-9550,

The same question you have asked in this thread and has been solved.

https://forums.iis.net/t/1251723.aspx?How+do+you+enable+HSTS+in+IIS+on+Server+2016+version+1607+

Usually, If you are running Windows Server 2016, open the Internet Information Services (IIS) Manager and click on the website. Double click HTTP Response Headers and add in a new header named "Strict-Transport-Security" The recommend value is "max-age=31536000; includeSubDomains" however, you can customize it as needed.

 <?xml version="1.0" encoding="UTF-8"?>
 <configuration>
     <system.webServer>
         <rewrite>
             <rules>
                 <rule name="HTTP to HTTPS redirect" stopProcessing="true">
                     <match url="(.*)" />
                     <conditions>
                         <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                     </conditions>
                     <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                         redirectType="Permanent" />
                 </rule>
             </rules>
             <outboundRules>
                 <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
                     <match serverVariable="RESPONSE_Strict_Transport_Security"
                         pattern=".*" />
                     <conditions>
                         <add input="{HTTPS}" pattern="on" ignoreCase="true" />
                     </conditions>
                     <action type="Rewrite" value="max-age=max-age=31536000; includeSubDomains;" />
                 </rule>
             </outboundRules>
         </rewrite>
     </system.webServer>
 </configuration>




If the answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.