
FWest98 / hsts-iis-module

Licence: other
IIS module for configuring and injecting the HSTS into IIS sites.


NOTE that since Windows Server 2019, this feature is provided out-of-the-box in IIS, and this plugin is no longer necessary.

HSTS IIS Module

Project Description

A module for IIS which enables HTTP Strict Transport Security compliant with the HSTS Draft Specification (RFC 6797). As of version 2.0 the module can be configured to redirect insecure requests.

Downloads & Documentation

Downloads of the installers and binaries are available from GitHub.

Documentation is made available in the documentation folder of this repository. Documentation topics include installation, [enabling HSTS](documentation/Enabling HSTS.md), and an assortment of [frequently asked questions](documentation/Frequently Asked Questions.md).

Project Structure

The project is split into three components: the module, the manager and the installer.

HSTS IIS Module

This project is the workhorse of the plug-in. Developed in C++, its output is the actual IIS module, which could be installed and used standalone without the other components. It is responsible for subscribing to the events, injecting the HSTS header and performing the redirect (if necessary).

HSTS IIS Manager

The 'manager' project is the extension to the IIS manager (inetmgr.exe) and is developed in C#. This component gives the user a graphical interface to the configuration options.

HSTS IIS Installer

Unsurprisingly, this project produces an MSI installer which copies the DLLs and modifies the IIS configuration. It is developed using the WiX toolset.

Tooling

This project uses the Visual Studio built-in tooling to compile, build and run C++/C# code. Using the WiX Plugin, the installer can also be built. The VS solution is currently compatible with version VS2015 and all binaries are compiled with the same version of VS. Any other combination of IDE/compiler might result in unexpected behaviour or other problems.

Building and Compiling

Prerequisites

If you would like to compile the extension for yourself you will need a few prerequisites installed:

  • Visual Studio 2015 (Community) - To build the module and the manager
  • WiX Toolset plugin - To build the installer
  • IIS 7.0 or above - Contains some dependencies of the manager that are required to build

A note on Strong Name Signing

The manager DLL must be signed in order to be installed into the Global Assembly Cache. It is a security issue to publish the private key used to sign the DLL which presents a bit of an issue. I wanted to ensure that the build process was as simple as possible so the instructions above will build the extension using a key that is included in the project and is therefore insecure. If you wish to build it with your own strong name key, please modify the settings in Visual Studio to do so.

Note: the official downloads of the project are signed with a secure key, not the one included in the project. It is sad that others cannot build exactly the same artifacts that are downloaded from the project site, but this is the best compromise I could come up with.

Justification

Whilst it is simple to add a custom header to an IIS site, there is no simple way to add the HSTS header in a way that is compliant with the draft specification (RFC 6797). Specifically from section 7.2:

An HSTS Host MUST NOT include the STS header field in HTTP responses conveyed over non-secure transport.

An additional driver for such a module is the seriousness of attack vectors such as sslstrip. It is hoped that simplicity of installation and configuration will avoid any excuse for not implementing the most effective defence against such attacks.
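The rule quoted above, together with the optional redirect of insecure requests, written out as a decision function. This is an added example, not the module's code: the struct and function names, the sample hosts, and the choice to drop the port and redirect to the default HTTPS port are assumptions.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical settings; the names are illustrative, not the module's schema.
struct HstsConfig {
    unsigned long maxAge;     // policy lifetime in seconds
    bool includeSubDomains;
    bool redirectInsecure;
};
struct Request {
    bool secure;              // true when the request arrived over TLS
    std::string host;         // Host header as received (untrusted)
    std::string pathQuery;    // raw path and query, e.g. "/login?next=%2F"
};
struct Decision {
    int status;               // 0 = leave the response status alone
    std::string stsHeader;    // empty = do not add Strict-Transport-Security
    std::string location;     // empty = no redirect
};

// Accept only a plain DNS name and drop any ":port". Returns "" when the value
// holds anything else (CR/LF, '@', '/', ...), so it never reaches Location.
std::string SafeHost(const std::string& host) {
    std::string name = host.substr(0, host.find(':'));
    for (unsigned char c : name)
        if (!std::isalnum(c) && c != '-' && c != '.') return "";
    return name;
}

Decision Decide(const HstsConfig& cfg, const Request& req) {
    Decision d{0, "", ""};
    if (req.secure) {         // secure transport: advertise the policy
        d.stsHeader = "max-age=" + std::to_string(cfg.maxAge);
        if (cfg.includeSubDomains) d.stsHeader += "; includeSubDomains";
        return d;
    }
    // Non-secure transport: RFC 6797 section 7.2 forbids the header here.
    std::string host = SafeHost(req.host);
    bool pathOk = !req.pathQuery.empty() && req.pathQuery[0] == '/';
    for (unsigned char c : req.pathQuery)
        if (c < 0x20 || c == 0x7f) pathOk = false;   // no control characters
    if (!cfg.redirectInsecure || host.empty() || !pathOk) return d;
    d.status = 301;           // permanent redirect to the same resource over HTTPS
    d.location = "https://" + host + req.pathQuery;
    return d;
}

int main() {
    Decision d = Decide(HstsConfig{31536000, true, true},
                        Request{false, "www.example.test:80", "/a?b=1"});
    std::cout << d.status << " " << d.location << "\n";
}
```

The host check matters because the redirect target is built from a client-supplied header; a value that fails it gets no redirect and no HSTS header.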

Thanks

Thanks to Phill from Dionach for the fantastic Strip Headers IIS extension which is, aside from a great extension, one of the best references for developing a native IIS module.

Thanks to Andrew Bancroft for his great work on improving this plugin and its documentation!

Thanks also to everyone that has taken the time to report issues and suggest improvements.

Special thanks to Shane Argo for the great work he has done for the first versions of this plugin!
