Security – DMS configured on IP still works after enabling HTTPS

Solved1.45K viewsDMS HTTP HTTPS MaintenanceSettings.xml security
1
0 Comments

My DMS is configured with IP addresses for every agent in the cluster.

Since I now enabled HTTPS in maintenancesettings I would expect I need to configure the DMS to use hostnames, but the connection remains working as normal with IP addresses only.
Why is that? Is my DMS actually using HTTPS or do I need to enabled something else too?

EDIT: My bindings in IIS already had no mention of http anymore.

Miloš Sedláček [DevOps Enabler] Answered question 16th March 2023

4 Answers

1
5.36K 3 Comments

Hi Alexander,

Enabling HTTPS also requires changes in IIS. You can find more info on this docs page.

If you want to enforce HTTPS you should also remove the binding for HTTP in IIS manager. That way you will not be able to access it by using the IP address but only by the host name that is present on the certificate you have assigned to the HTTPS binding.

Baptiste Pattyn [SLC] [DevOps Enabler] Posted new comment 2nd June 2022
Gellynck Jens [SLC] commented

When enforcing HTTPS it’s also useful to block/disable inbound tcp port 80 (or the HTTP port configured in IIS) in the firewall.
Alexander Verriest [SLC] [DevOps Advocate] commented

Yes, I forgot to mention it, but I did update my bindings in IIS to have https only.
Baptiste Pattyn [SLC] [DevOps Enabler] commented

Normally the browser should then give a warning that the connection is not secure. If not try to hard reload the page because it is probably cached.
You are viewing 1 out of 4 answers, click here to view all answers.