Table of Content
If nothing else is stated, this documentation refers to the latest available version of DNN Hardening
In order to use DNN Hardening, make sure your environments meets the following requirements:
- For DNN Hardening 01.XX.XX: DNN >= 07.03.01
- For DNN Hardening 02.XX.XX: DNN >= 08.00.00 or DNN >= 09.00.00
- DNN Hardening (download here)
- License key for use in production (get license key here or request a free trial license key)
Please follow these steps to set up DNN Hardening:
- Download DNN Hardening from the download page.
- Log in to your DNN installation as host admin and navigate to “Host > Extensions”.
- Select “Install Extension Wizard” and follow the installation process.
- After a successful installation you should see a new menu item “DNN Hardening” under “Host”. Under this menu point, you can perform the (global) configuration.
- Enter your license key under “Host > DNN Hardening”.
Please follow these steps to upgrade your existing DNN Hardening module installation:
- Download the latest version of DNN Hardening for your DNN version from the download page.
- Make sure that your license key is still valid before performing the upgrade.
- Log in to your DNN installation and select “Settings > Extensions” (DNN 9) or go to “Host > Extensions” (DNN 7 or 8).
- Select “Install Extension” (DNN 9) or “Install Extension Wizard” (DNN 7 or 8) and follow the process.
The actual configuration of DNN Hardening is performed globally under “Host > DNN Hardening”.
- Enable hardening for local requests: If checked, the (activated) hardening features are also enabled for local requests
- Block extension installation for remote requests: If checked, extension installations are blocked for remote requests
- Block /install directory for none-SuperUsers: If checked, the access to the /install directory is only possible before logging in as SuperUser account
- Remove HTTP response headers: If checked, (unnecessary) HTTP headers like “X-AspNet-Version” get removed
- Add HSTS HTTP headers: If checked HSTS headers are added for (secure) connections
- Force HTTPS: Redirects all (insecure) requests to HTTPS. Please note “Force HTTPS” only works for portals for which “SSL Enabled” is set and if “SSL Enforced” is also set only on tabs which are marked as “secure”.
- License key: Your DNN Hardening license key
Enabling debug logging
Add the following lines right before the closing “</log4net>” to the file DotNetNuke.log4net.config which you’ll find in your website’s root directory.
<logger name="weweave.DnnHardening"> <level value="Debug" /> </logger>
Debug output will be written into the log files in this directory: Portals\_default\Logs
You can easily remove DNN Hardeningfrom your DNN installation by uninstalling the extension.