Upcoming Webinar: Register now >>

Introducing HTTP Strict Transport Security (HSTS) in v24.1 SLM Release

In the v24.1 SLM release, we’ve added support for HSTS to improve web security. To configure HSTS, follow these steps:

  1. Locate the appsettings.json file (default path: C:\Program Files\OpenLM\OpenLM Server\bin).
  2. Find the “HTTPSRequestsRedirectionEnabled” parameter (added after installation or upgrade) and set it to “true” to enable HSTS.
  3. Add an HTTPS section in the Kestrel Endpoint with the SSL link, following our SSL setup guide at https://www.openlm.com/docs/openlm-slm-installation-guide/setting-up-ssl-for-openlm-server-and-identity-service/. Choose a port different from the standard HTTP port.
  • To disable HSTS, revert the “HTTPSRequestsRedirectionEnabled” parameter to “false” and remove the added HTTPS section.
  • Ensure the HTTP section remains in the file for the OpenLM SLM to function properly.
  • Note: The HTTP section must always be present in the file, regardless of whether the address is SSL-secured or not.

 

What are your feelings
Skip to content