Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Updates & Insights
  • Questions
  • Learning
    • E-learning Courses
    • Empower Replay: Limited Edition
    • Tutorials
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
      • About the DevOps Program
      • DataMiner DevOps Support
  • Downloads
  • More
    • DataMiner Releases & Updates
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

Security BPA – IIS – BUG?

Solved591 views10th June 2024agent BPA security bpa
2
James Stokell [DevOps Advocate]493 22nd May 2024 0 Comments

Hello all,

I upgraded to the latest version of DM (v10.4.5.0-14239) and ran the security BPA as part of Kata #29, but the BPA keeps coming back saying it’s still insecure, even though I’ve followed the hardening guides.

Please note HTTP is open, but redirects to https as per the hardening guide.

Screenshot attached.

Am I doing something wrong or is the BPA checker faulty?

Thanks!

James Stokell [DevOps Advocate] Answered question 10th June 2024

2 Answers

  • Active
  • Voted
  • Newest
  • Oldest
1
Seppe Dejonckheere [SLC] [DevOps Advocate]2.24K Posted 22nd May 2024 7 Comments

Hi James,

I had a look at how the BPA checks for the redirection and it does so by making an http call to http://127.0.0.1 and verifying the returned http status code.

This does not work in your case, since IIS only accepts http calls to ‘dataminer’, ‘dataminer.[REDACTED].local’ and ‘localhost’ (the bindings) and not to ‘127.0.0.1’ (returning a 4XX status code).

I will make add an item to the backlog to make the redirect detection more robust. As a workaround for this issue, you can remove all http bindings except for one, and to make the hostname of that binding blank. This will make IIS accept http calls to every hostname and then redirect them to https.

Kind regards,

James Stokell [DevOps Advocate] Posted new comment 23rd May 2024
James Stokell [DevOps Advocate] commented 22nd May 2024

Thanks Seppe, as a means to suppress this message I have added a * http binding, and that’s now cleared the http warning, but not the HTTP Headers test.

Seppe Dejonckheere [SLC] [DevOps Advocate] commented 22nd May 2024

It is expected that the HTTP headers test still shows up, since it is valid for both http and https.

James Stokell [DevOps Advocate] commented 22nd May 2024

What I mean is that the http headers test is coming back still saying I’ve not set the correct headers as per the hardening guide, but I have.

Seppe Dejonckheere [SLC] [DevOps Advocate] commented 22nd May 2024

Excuse me for the misunderstanding. It’s a bit difficult to tell what the problem is without looking at the system, but there are several things you can check:
– did you restart IIS after making the changes?
– Can you check in a browser with the developer tools if the changes you made to the headers actually took affect?
– IIS has server level and site level settings, depending on where you made your changes, they can be overwritten by the settings of the other level.

James Stokell [DevOps Advocate] commented 22nd May 2024

Yeah, I restarted IIS and even a server reboot, looks like they have taken, but could you confirm? https://i.imgur.com/9zN4SHZ.png

Show 2 more comments
0
James Stokell [DevOps Advocate]493 Posted 10th June 2024 0 Comments

Hi all, Seppe and I have looked at this and the new version of DM (10.4.8) will resolve the issues I raised here.

James Stokell [DevOps Advocate] Answered question 10th June 2024
Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs