Monday, 5 October 2015

How to enable HSTS in IIS / Azure

Before proceeding, read more about HSTS at

In this post we will go through the steps to enable HSTS in IIS or Azure Web Applications.

First, locate web.config in C:\inetpub\wwwroot (if you use IIS) or /site/wwwroot (in Azure Web Applications). If no such file is found, create a new file named web.config.

Add the following content to the file:

    <configuration>
        <system.webServer>
            <rewrite>
                <rules>
                    <rule name="HTTP to HTTPS redirect" stopProcessing="true">
                        <match url="(.*)" />
                        <conditions><add input="{HTTPS}" pattern="off" ignoreCase="true" /></conditions>
                        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
                    </rule>
                </rules>
                <outboundRules>
                    <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
                        <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
                        <conditions><add input="{HTTPS}" pattern="on" ignoreCase="true" /></conditions>
                        <action type="Rewrite" value="max-age=31536000" />
                    </rule>
                </outboundRules>
            </rewrite>
        </system.webServer>
    </configuration>

Save the file, replacing the existing web.config.

Now open http://{URL} in the browser; you will automatically be redirected to https://{URL}. Great, HSTS is successfully implemented in IIS / Azure.
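The browser redirect confirms only the first rule; the second rule is confirmed by the Strict-Transport-Security header on the HTTPS response. The check below is an added example, not part of the original post: it parses the header and validates both responses. The function names and the sample responses are constructed for illustration.

```python
# Added example: names and the sample responses below are constructed for illustration.

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: value or None}."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue
        if name in directives:               # RFC 6797: a directive may appear only once
            raise ValueError("duplicate directive: " + name)
        directives[name] = val.strip().strip('"') or None
    return directives

def check_site(http_resp, https_resp, min_age=31536000):
    """Each response is (status, headers). Returns a list of problems, empty if OK."""
    problems = []
    status, headers = http_resp
    headers = {k.lower(): v for k, v in headers.items()}
    if status != 301 or not headers.get("location", "").lower().startswith("https://"):
        problems.append("HTTP request is not permanently redirected to https://")
    if "strict-transport-security" in headers:
        problems.append("HSTS header sent over plain HTTP")
    status, headers = https_resp
    headers = {k.lower(): v for k, v in headers.items()}
    sts = headers.get("strict-transport-security")
    if sts is None:
        return problems + ["HTTPS response has no Strict-Transport-Security header"]
    try:
        max_age = parse_hsts(sts).get("max-age")
    except ValueError as exc:
        return problems + [str(exc)]
    if max_age is None or not (max_age.isascii() and max_age.isdigit()):
        problems.append("max-age missing or not an integer")
    elif int(max_age) < min_age:
        problems.append("max-age %s is below %d" % (max_age, min_age))
    return problems

# Constructed responses: what the web.config above should produce, and a redirect-only site.
HTTP_REDIRECT = (301, {"Location": "https://example.com/"})
HTTPS_WITH_HSTS = (200, {"Strict-Transport-Security": "max-age=31536000"})
HTTPS_NO_HSTS = (200, {"Content-Type": "text/html"})

if __name__ == "__main__":
    print(check_site(HTTP_REDIRECT, HTTPS_WITH_HSTS))
    print(check_site(HTTP_REDIRECT, HTTPS_NO_HSTS))
```

To run it against a real site, fill the two tuples from the status and headers of an HTTP and an HTTPS request made with redirects disabled.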
