We moved our Orion Web Console from HTTP to HTTPS after a fresh Install of SolarWinds 2020.2. Updated Orion Website from IIS Manager to bind to cert provided by CA. Our security team ran scans and they found the below vulnerabilities.
Missing HttpOnly Flag From Cookie (http-cookie-http-only-flag)
Missing Secure Flag From SSL Cookie (http-cookie-secure-flag)
HTTP OPTIONS Method Enabled (http-options-method-enabled)
I followed the hardening guide (link below) and I am not sure what additional steps are missing. Any Ideas.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.