
How can I enable Strict Transport Security (HSTS)?

Dana Anderson

HTTP Strict Transport Security (HSTS) is a website security feature that instructs web browsers to communicate with a server only over HTTPS connections. HSTS improves security and helps prevent man-in-the-middle attacks, downgrade attacks, and cookie hijacking.

Cerberus FTP Server supports enabling HSTS on specific HTTPS listeners through a configuration file setting. Take care to enable HSTS only on listeners that have a valid SSL certificate (a certificate issued by a trusted CA, not a self-signed certificate): once a browser has seen the HSTS header it will refuse to connect to that host over an untrusted certificate.


You can enable it by changing the <useHSTS>false</useHSTS> setting to true in the file:


C:\ProgramData\Cerberus LLC\Cerberus FTP Server\listeners_2.0.xml

Before you make any changes to that file, you have to stop both the GUI and the Windows service, or the change won't be picked up.

Go to the File menu in the Cerberus FTP Server desktop admin UI and select Exit.

Open up the Service Control Manager and stop the Cerberus FTP Server Service. You will see “Cerberus FTP Server” listed in the services list. You can access the Service Control Manager by going into the Control Panel, selecting Administrative Tools, and then Services. Once the Service Control Manager is open, right-click on the Cerberus FTP Server service and select Stop.

Make the changes to the listeners you wish to enable HSTS in the listeners_2.0.xml file.

Restart the Cerberus FTP Server service from the Service Control Manager. Right-click on the service and select Start.


Example:

<listener ipAddress="XX.XXX.XX.XXX" type="HTTPS">
  <options>
    <isActive>true</isActive>
    <allowLogin>true</allowLogin>
    <listenPort>443</listenPort>
    <connectionLimit>500</connectionLimit>
    <showWelcomeMsg>false</showWelcomeMsg>
    <headerLogo contentType="filePath"></headerLogo>
    <loginIcon contentType="filePath"></loginIcon>
    <allowWebAccountRequest>true</allowWebAccountRequest>
    <showTimezone>false</showTimezone>
    <showLocalTime>true</showLocalTime>
    <allowUpdate>false</allowUpdate>
    <captcha showLogin="false" showRequest="false" showPassReset="false"></captcha>
    <allowPasswordReset>false</allowPasswordReset>
    <hsts enable="true"></hsts>
  </options>
</listener>
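The steps above, scripted in PowerShell as an added example (not Cerberus LLC's own tooling): the service is stopped, the file backed up, HSTS switched on only for the HTTPS listeners you name, the service restarted, and the response header checked. It assumes the service display name "Cerberus FTP Server" from the Services list, both setting forms shown in this article (<hsts enable="..."> and <useHSTS>), a constructed sample configuration, and the placeholder address 192.0.2.10 and host ftp.example.com.

```powershell
function Enable-CerberusHsts {
    # Turn HSTS on for HTTPS listeners in a parsed listeners_2.0.xml; returns the count changed.
    param(
        [Parameter(Mandatory)][xml]$Config,
        [string[]]$OnlyIpAddress   # restrict to listeners whose certificate is CA-issued
    )
    $changed = 0
    foreach ($listener in $Config.SelectNodes("//listener[@type='HTTPS']")) {
        if ($OnlyIpAddress -and $OnlyIpAddress -notcontains $listener.ipAddress) { continue }
        $options = $listener.SelectSingleNode('options')
        if (-not $options) { continue }
        $hsts    = $options.SelectSingleNode('hsts')      # attribute form used in the example
        $useHsts = $options.SelectSingleNode('useHSTS')   # element form named in the text
        if (-not $hsts -and -not $useHsts) {
            Write-Warning "Listener $($listener.ipAddress):$($options.listenPort) has no HSTS setting; left unchanged"
            continue
        }
        if ($hsts -and $hsts.GetAttribute('enable') -ne 'true') { $hsts.SetAttribute('enable', 'true'); $changed++ }
        if ($useHsts -and $useHsts.InnerText -ne 'true')        { $useHsts.InnerText = 'true'; $changed++ }
    }
    return $changed
}

# Constructed sample (not a real listeners_2.0.xml); only the HTTPS listener should be touched.
$sample = [xml]@'
<listeners>
  <listener ipAddress="192.0.2.10" type="HTTPS"><options><listenPort>443</listenPort><hsts enable="false"></hsts></options></listener>
  <listener ipAddress="192.0.2.10" type="FTP"><options><listenPort>21</listenPort></options></listener>
</listeners>
'@
"Sample run: $(Enable-CerberusHsts -Config $sample) listener(s) changed"

# Live run: exit the admin GUI first, then stop the service, back up, edit, restart, verify.
$path = 'C:\ProgramData\Cerberus LLC\Cerberus FTP Server\listeners_2.0.xml'
if (Test-Path $path) {
    Stop-Service -DisplayName 'Cerberus FTP Server'
    Copy-Item -Path $path -Destination "$path.bak"
    $cfg = [xml](Get-Content -Path $path -Raw)
    if ((Enable-CerberusHsts -Config $cfg -OnlyIpAddress '192.0.2.10') -gt 0) { $cfg.Save($path) }
    Start-Service -DisplayName 'Cerberus FTP Server'
    # Confirm the header is actually being sent before relying on it (placeholder host).
    (Invoke-WebRequest -Uri 'https://ftp.example.com/' -Method Head -UseBasicParsing).Headers['Strict-Transport-Security']
}
```

Run it from an elevated PowerShell session; the sample section works on any machine, while the live section only runs where the configuration file exists.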
