LabVIEW
HSTS for compactRIO WebServer, and SSL Issues
Hello, I am securing a compactRIO-9040 on my network and have a few issues regarding HSTS and SSL.
Firstly, is there any way to have the webserver enable HSTS? I have disabled the HTTP webserver but Nessus still warns me that HSTS isn't enabled for the webserver. I have checked through:
- /etc/natinst/appweb/NISystemWebServer.conf
- /etc/natinst/appweb/NISystemWebServer.ini
- /etc/natinst/NISystemWebServer.ini.defaults
- /etc/natinst/share/ni-rt.ini
- /etc/natinst/share/niwebserver.conf
- /etc/natinst/webservices/webservices.ini
- /var/local/natinst/tracelogs/sslAdminSvc.cfg
- /var/local/natinst/webservices/NI/LVWSAuthSvc/WebService.ini
- /var/local/natinst/webservices/NI/LVWSSslAdmin/WebService.ini
- /var/local/natinst/webservices/NI/LVWSSysAdmin/WebService.ini
- /var/local/natinst/webservices/NI/nisysdetails/WebService.ini
- /var/local/natinst/webservices/NI/rtexecsvc/WebService.ini
- /var/local/natinst/webservices/NI/siws/WebService.ini
- /var/local/natinst/webservices/NI/sysapi/WebService.ini
to no avail, and I have been unable to find any documentation regarding it.
Another issue: Enabling HTTPS and disabling the HTTP webserver has resulted in the "Web-Based Monitoring" webpage failing to display (let's say the FPGA sits at 192.168.1.2, so https://192.168.1.2:443 is enabled and :80 is disabled).
I get a "Error 403" when visiting the Web-Based monitoring page (inspecting in Chrome points to "https://192.168.1.2/nisysdetails/system" having the 403 error).
Inspecting the web-page in Chrome shows an error with login.js:
This bug, where the Web-Based monitoring page is blank upon enabling HTTPS and disabling HTTP, has been around for multiple years now. I have experienced this with multiple 9040s, a 9034, and a 9048, all across multiple versions of LabVIEW (~2020 to now).
How can I fix this so that I can access the Web-Based monitoring page with HTTPS?
