CloudLink:遠端 HTTPS 伺服器未強制執行 HTTP 嚴格傳輸安全性 (HSTS)
Riepilogo: CloudLink:安全性掃描報告「遠端 HTTPS 伺服器未強制執行 HTTP 嚴格傳輸安全性 (HSTS)」
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Sintomi
CloudLink:安全性掃描報告:
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS) The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header
HSTS 是一個可選的回應標頭,可以在伺服器上配置,以指示瀏覽器僅使用 HTTPS 進行通信。缺乏HSTS允許降級攻擊,SSL剝離中間人攻擊,並削弱cookie劫持保護。
Causa
這似乎是安全工具報告的誤報。
CloudLink 上的 HSTS 預設為啟用。
若要確認,請在 Chrome 中檢視 CloudLink HTTP 標頭,請執行下列步驟:
CloudLink 上的 HSTS 預設為啟用。
若要確認,請在 Chrome 中檢視 CloudLink HTTP 標頭,請執行下列步驟:
- Navigate to the Cloudlink UI login page. - Right click on white empty space and select 'Inspect'. - Select the 'Network' tab. - Select one of the Cloudlink HTTP requests on the left panel. - Match the response headers you're seeing to what we expect to see from the KB article
Risoluzione
HTTP 回應具有所有標頭,預設情況下由 https://docs.spring.io/autorepo/docs/spring-security/4.2.3.RELEASE/reference/html/headers.html 設定
HTTP/1.1 200 OK Date: Fri, 22 May 2020 11:51:57 GMT Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Strict-Transport-Security: max-age=31536000 ; includeSubDomains X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Type: text/html Last-Modified: Tue, 10 Sep 2019 17:33:22 GMT Accept-Ranges: bytes Vary: Accept-Encoding, User-Agent ETag: W/"C/NxCAz49KYC/NwZBDEXzM" Content-Length: 1349
Prodotti interessati
CloudLink SecureVM, CloudLinkProprietà dell'articolo
Numero articolo: 000181096
Tipo di articolo: Solution
Ultima modifica: 09 feb 2026
Versione: 5
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.