Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
PS C:\Users\Administrator> Get-Website
Name ID State Physical Path Bindings
---- -- ----- ------------- --------
Default Web Site 1 Started %SystemDrive%\inetpub\wwwroot http *:80:
RX-7.srv.world 2 Started C:\inetpub\newsite http *:80:rx-7.srv.world
https *:443:rx-7.srv.world sslFlags=0
# set site name you'd like to enable HSTS
PS C:\Users\Administrator> [String]$MySite = "RX-7.srv.world"
# enable HSTS for the target site
PS C:\Users\Administrator> Set-IISConfigAttributeValue -ConfigElement (Get-IISConfigElement -ConfigElement (Get-IISConfigCollectionElement -ConfigCollection (Get-IISConfigSection -SectionPath "system.applicationHost/sites" | Get-IISConfigCollection) -ConfigAttribute @{"name"=$MySite}) -ChildElementName "hsts") -AttributeName "enabled" -AttributeValue $true
# set [max-age] of HSTS as 31536000 sec (365 days)
# for [max-age], refer to https://hstspreload.org/
PS C:\Users\Administrator> Set-IISConfigAttributeValue -ConfigElement (Get-IISConfigElement -ConfigElement (Get-IISConfigCollectionElement -ConfigCollection (Get-IISConfigSection -SectionPath "system.applicationHost/sites" | Get-IISConfigCollection) -ConfigAttribute @{"name"=$MySite}) -ChildElementName "hsts") -AttributeName "max-age" -AttributeValue 31536000
# set [includeSubDomains] of HSTS as enabled
# this option applys to all subdomains
PS C:\Users\Administrator> Set-IISConfigAttributeValue -ConfigElement (Get-IISConfigElement -ConfigElement (Get-IISConfigCollectionElement -ConfigCollection (Get-IISConfigSection -SectionPath "system.applicationHost/sites" | Get-IISConfigCollection) -ConfigAttribute @{"name"=$MySite}) -ChildElementName "hsts") -AttributeName "includeSubDomains" -AttributeValue $true
# set [redirectHttpToHttps] of HSTS as enabled
PS C:\Users\Administrator> Set-IISConfigAttributeValue -ConfigElement (Get-IISConfigElement -ConfigElement (Get-IISConfigCollectionElement -ConfigCollection (Get-IISConfigSection -SectionPath "system.applicationHost/sites" | Get-IISConfigCollection) -ConfigAttribute @{"name"=$MySite}) -ChildElementName "hsts") -AttributeName "redirectHttpToHttps" -AttributeValue $true
# set [preload] of HSTS as enabled
PS C:\Users\Administrator> Set-IISConfigAttributeValue -ConfigElement (Get-IISConfigElement -ConfigElement (Get-IISConfigCollectionElement -ConfigCollection (Get-IISConfigSection -SectionPath "system.applicationHost/sites" | Get-IISConfigCollection) -ConfigAttribute @{"name"=$MySite}) -ChildElementName "hsts") -AttributeName "preload" -AttributeValue $true
# confirm settings
PS C:\Users\Administrator> Get-IISConfigElement -ConfigElement (Get-IISConfigCollectionElement -ConfigCollection (Get-IISConfigSection -SectionPath "system.applicationHost/sites" | Get-IISConfigCollection) -ConfigAttribute @{"name"=$MySite}) -ChildElementName "hsts"
Attributes : {enabled, max-age, includeSubDomains, preload...}
ChildElements : {}
ElementTagName : hsts
IsLocallyStored : True
Methods :
RawAttributes : {[enabled, True], [max-age, 31536000], [includeSubDomains, True], [preload, True]...}
Schema : Microsoft.Web.Administration.ConfigurationElementSchema
|