HSTS security header is now standard
FlexNet Manager Suite version 2020 R2
Consistent with current security best practice for web-based applications, from the 2020 R2 release, the presentation server for the web interface of FlexNet Manager Suite issues the HSTS header (HTTP Strict Transport Security) with all responses. This header instructs all client web browsers to enforce HTTPS for access to the presentation server.
You are unlikely to see any immediate change in behavior with the HSTS header in place:
- If you are already using the secure HTTPS protocol to access your presentation server, this access continues without any impact.
- If you always use the standard HTTP protocol to access the web interface of FlexNet Manager Suite, this will also continue unchanged. The client web browser only enforces HTTPS after the presentation server has been successfully accessed using the HTTPS protocol without any certificate errors.
- You may enforce security best practice by requiring the HTTPS protocol to access the presentation server in your production environment. A web browser responding to the HSTS header helps you here (for example, it automatically corrects the server URL if it is carelessly entered with the HTTP protocol, and sends the request using the HTTPS protocol).
- You may have a small test implementation in a less exposed network, for which you have only ever used the HTTP protocol (and, obviously, have not configured any 307 redirects to the HTTPS alternative protocol). The client web browser here continues to function with the standard HTTP protocol, because the HSTS requirement has not been triggered by any successful access using HTTPS.
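The browser-side behavior described in the list above can be modeled in a few lines. This is an added example, not code from FlexNet Manager Suite: the host name `fnms.example.test`, the `/home` path and the `max-age` value are constructed, and the model matches exact host names only (the `includeSubDomains` directive is not modeled).

```python
import re
from urllib.parse import urlsplit, urlunsplit

MAX_AGE = re.compile(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)', re.I)

class HstsStore:
    """Simplified model of a browser's list of known HSTS hosts."""

    def __init__(self):
        self._expiry = {}  # host name -> time (seconds) at which the policy lapses

    def note_response(self, url, headers, cert_ok, now):
        """Record the policy if the browser would honour it; return True if it did."""
        parts = urlsplit(url)
        # Ignored over plain HTTP and on connections with certificate errors.
        if parts.scheme != "https" or not cert_ok:
            return False
        match = MAX_AGE.search(headers.get("Strict-Transport-Security", ""))
        if not match:
            return False
        max_age = int(match.group(1))
        if max_age == 0:
            self._expiry.pop(parts.hostname, None)  # max-age=0 clears the policy
        else:
            self._expiry[parts.hostname] = now + max_age
        return True

    def rewrite(self, url, now):
        """Return the URL the browser actually requests."""
        parts = urlsplit(url)
        if parts.scheme != "http" or self._expiry.get(parts.hostname, 0) <= now:
            return url
        # Known HSTS host: upgrade the scheme; an explicit port 80 is dropped.
        netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

if __name__ == "__main__":
    HDR = {"Strict-Transport-Security": "max-age=31536000"}  # constructed value
    store = HstsStore()
    print(store.note_response("http://fnms.example.test/home", HDR, True, 0))   # ignored
    print(store.rewrite("http://fnms.example.test/home", 1))                     # still http
    print(store.note_response("https://fnms.example.test/home", HDR, True, 2))  # honoured
    print(store.rewrite("http://fnms.example.test/home", 3))                     # now https
```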
FlexNet Manager Suite (On-Premises)
2021 R1