Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
Hello, After i do the fixes on Security Protocols in Healthcheck - they dont seem to stay in place. It doesnt matter if i set the headers in config through the backoffice or directly in web.config. They all are reverting as errors in Health Check.
Any ideas how i can make the fixes permanent? or what is overwriting them to be errors again? The web.config has the headers saved.
This is likely due to your permissions. The website isn't able to update the web.config.
Probably easiest thing to do is make the changes locally then upload the updated web.config.
I have tried the updating the web.config file manually.
The Health check is not recognizing that the headers are set and proceeds to show them as not set with option to fix in back office.
Sounds like you have something weird going on. Where are you hosting this and what version?
I've just tried this on Umbraco v8 and manually changing the settings reflects in my Health Check. Are you sure there's not something in the hosting overriding your web.config?
You know also that some of the settings are in /config/UmbracoSettings.config ?
I also get this behaviour.
The following headers are in my web.config
<remove name="X-Powered-By" />
<remove name="X-Frame-Options" />
<add name="X-Frame-Options" value="sameorigin" />
<remove name="X-Content-Type-Options" />
<add name="X-Content-Type-Options" value="nosniff" />
<remove name="Strict-Transport-Security" />
<add name="Strict-Transport-Security" value="max-age=10886400" />
<remove name="X-XSS-Protection" />
<add name="X-XSS-Protection" value="1; mode=block" />
However my security health check fails to see that these are set. The IUSR and applicationPool both have read rewrite permissons to the web.config. The other issue I have is that the security check cant resolve the domain name. Am hosting in the Azure. Any help in getting this resolved would be great.
It is still an issue, but i believe it is going along the lines for domains and iis changes. The bindings for ports is a strange configuration and we are currently looking to bring them more in line. as this site is a live site - we are just trying to schedule that in.
I know it doesnt really answer the question - just an update i guess from my point.
is working on a reply...
Write your reply to:
Image will be uploaded when post is submitted