Forum Discussion

Nimbostratus

Oct 06, 2015

HSTS - Header not inserted with iRule

Dears; i enabled the below Irule for owa and Internet bank server (APACHE) , iRule for HSTS HTTPS Virtuals when RULE_INIT { set static::expires [clock scan 20110926] } when HTTP_RESP...

Nacreous

Oct 07, 2015

Is there anything in the response flow AFTER the F5 and the HTTP_RESPONSE event that could remove the header? Does the iBank virtual server have an http profile that specifies 'Response Headers Allowed', as if so it would be removing the STS header after you insert it (unless you update the profile to include Strict-Transport-Security).

So you'll just need to debug why it's not appearing at all for iBank. Ad the following statement immediately after the header insertion in HTTP_RESPONSE;-

   log local0. "STS:'[HTTP::header Strict-Transport-Security]'"

You can look at the log entries in /var/log/ltm.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

HSTS - Header not inserted with iRule

Recent Discussions

NAT for specific IPs

Upgrading BIGIP 2000S to R2600

TS Declarations for DNS

how to view list os client support via cli

automatic learning logs/report ?

Related Content

Header Inserts

Insert Pool Name into serverside HTTP Header

Insert security header by ansible

IRULE for HTTP HEADER STRING find and replace

HEADER INSERT iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS