Data sent over a non-HTTPS connection is unencrypted and vulnerable to network sniffing attacks that can expose sensitive or confidential information. This includes non-secure cookies and other potentially sensitive data contained in HTTP headers. Even if no sensitive data is transmitted, man-in-the-middle (MITM) attacks are possible over non-HTTPS connections. An attacker who exploits MITM can intercept and change the conversation between the client (like web browsers and mobile devices) and the server.

Disabling HTTP and enabling HTTPS only in your IIS settings can avoid security vulnerabilities. Flexera cannot directly modify your existing IIS host settings since you may have other applications deployed on the same IIS. Below are instructions to update your settings to disable HTTP and fix the insecure vulnerability.

Disable HTTP in Data Platform and User Console

IMPORTANT: If Data Platform and User Console aren’t on the same host, these steps must be completed in the Internet Information Services (IIS) Manager settings for both Data Platform and User Console.

1. Open the IIS Manager settings for Data Platform or User Console.
   
2. Browse to the website where Data Platform or User Console is installed to. The default is "Default Web Site."
   
3. Select the website, and open Bindings in the Action panel.
   
4. Remove the HTTP bindings from the list and keep HTTPS only.
   
5. Re-run the Data Platform Configure Wizard with the default settings.
6. Re-run the User Console Configuration Wizard to update the website protocol type from HTTP to HTTPS at the Connect to Flexera Data Platform step.