CloudLink: Remote HTTPS Server Is Not Enforcing HTTP Strict Transport Security (HSTS)

Summary: CloudLink: A security scan reports "The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS)"


Symptoms

CloudLink: The security scan reports:

The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS)
The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header

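HSTS is an optional response header that can be configured on the server to instruct the browser to communicate only over HTTPS. The lack of HSTS allows downgrade attacks and SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

Cause

This appears to be a false positive reported by the security tool.

HSTS is enabled on CloudLink by default.
To confirm, view the CloudLink HTTP headers in Chrome by doing the following:
- Navigate to the CloudLink UI login page.
- Right-click on empty white space and select 'Inspect'.
- Select the 'Network' tab.
- Select one of the CloudLink HTTP requests on the left panel.
- Compare the response headers you see with the headers this KB article says to expect.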

Resolution

The HTTP response contains all of the headers that are set by default, as described at https://docs.spring.io/autorepo/docs/spring-security/4.2.3.RELEASE/reference/html/headers.html

            HTTP/1.1 200 OK
            Date: Fri, 22 May 2020 11:51:57 GMT
            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
            Pragma: no-cache
            Expires: Thu, 01 Jan 1970 00:00:00 GMT
            Strict-Transport-Security: max-age=31536000 ; includeSubDomains
            X-XSS-Protection: 1; mode=block
            X-Frame-Options: SAMEORIGIN
            X-Content-Type-Options: nosniff
            Content-Type: text/html
            Last-Modified: Tue, 10 Sep 2019 17:33:22 GMT
            Accept-Ranges: bytes
            Vary: Accept-Encoding, User-Agent
            ETag: W/"C/NxCAz49KYC/NwZBDEXzM"
            Content-Length: 1349
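
The browser check above can also be scripted against a captured response, which helps when comparing a scanner finding with what the server actually sends. This is an added example, not part of the original article or of CloudLink; the function names `parse_hsts` and `check_response` and the 180-day `min_age` threshold are assumptions made for illustration.

```python
import re

# Constructed sample: status line and a subset of the headers shown on this
# page, embedded so the check runs offline.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Cache-Control: no-cache, no-store, max-age=0, must-revalidate\r\n"
    "Strict-Transport-Security: max-age=31536000 ; includeSubDomains\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
)

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns {"max_age": int, "include_subdomains": bool}, or None when the
    policy is invalid (missing or non-numeric max-age, repeated directive).
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()          # tolerates "max-age=31536000 ; includeSubDomains"
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            return None              # a directive may appear only once
        seen[name] = arg.strip().strip('"')
    if not re.fullmatch(r"\d+", seen.get("max-age", "")):
        return None
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def check_response(raw, min_age=15552000):  # 180 days: assumed threshold
    """Return 'ok', 'weak', 'invalid' or 'missing' for a raw header block."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")[1:]
    values = []
    for line in lines:
        name, sep, val = line.partition(":")
        # Match on the header name, so Cache-Control's max-age=0 is ignored.
        if sep and name.strip().lower() == "strict-transport-security":
            values.append(val)
    if not values:
        return "missing"
    policy = parse_hsts(values[0])   # only the first HSTS header field counts
    if policy is None:
        return "invalid"
    return "ok" if policy["max_age"] >= min_age else "weak"
```

To check a live appliance, copy the response headers from the browser's Network tab into a string and pass it to `check_response`.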

Affected Products

CloudLink SecureVM, CloudLink
Article Properties
Article Number: 000181096
Article Type: Solution
Last Modified: 09 Feb 2026
Version: 5