Make Cookies Secure

This topic only applies if, when installing Geo SCADA Expert, you initially configured both the IIS HTTP port as well as the IIS HTTPS port and now no longer require the HTTP port and have disabled that port.

When you install Geo SCADA Expert, on the Web Server Ports Configuration page of the installation wizard you can opt to enable an IIS HTTP port in addition to configuring the IIS HTTPS port for the IIS reverse proxy setup (see Web Server Ports Configuration). If you do enable both ports, then a web.config file is written that does NOT include the secure cookie additions that are now available for HTTPS. These secure cookie additions are not compatible with HTTP.

If you decide that you no longer require the HTTP port and disable that port, the secure cookie additions for HTTPS are not automatically added to the web.config file. For improved security, we recommend that you add the secure cookie additions to the file.

To do this:

1. Locate the web.config file on the server. By default, the file is installed at this location:

   C:\Program Files\Schneider Electric\ClearSCADA\RootHost

2. Use a text editor to edit the file. Insert these lines after the </rules> section and before the </rewrite> section in the file:

   </rules>

   <outboundRules>

   <rule name="Ensure secure Cookies" preCondition="Missing secure cookie">

   <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />

   <action type="Rewrite" value="{R:0}; secure" />

   </rule>

   <preConditions>

   <preCondition name="Missing secure cookie">

   <!-- Don't remove the first line here -->

   <add input="{RESPONSE_Set_Cookie}" pattern="." />

   <add input="{RESPONSE_Set_Cookie}" pattern="; secure" negate="true" />

   </preCondition>

   </preConditions>

   </outboundRules>

   </rewrite>

3. Repeat the above procedure on any other Geo SCADA Expert servers in your system.