Forum Discussion
saidshow
Cirrus
CirrusHSTS / ASM connection drops
Hi All,
We currently implement HSTS as an iRule on the F5, we also decrypt and inspect traffic with ASM. There are discussions internally on our side about adding HSTS to the web server responses on the actual server rather than from the F5. If we were to do this, is it possible/likely that F5 ASM decrypting the traffic will then result in connection drops?
Thank you
SamirMVP
No. I have not faced this issue. However will suggest you to validate the HSTS setting in Test environment or non business hour (Prod Application) to 100% sure.
saidshowThanks . In our TEST environment I have HSTS setup on the F5. If the business does decide to do the HSTS in the app then we will certainly start in the TEST environment and monitor.
To confirm, you are using ASM, ASM is working as expected and HSTS is enabled in code rather than on the F5?
- Samir
No, I have enabled HSTS in F5 irule and vip has tagged with ASM policy. No issue found so far.
- saidshow
, that is what we have presently also and it works fine. Since we are looking at placing the HSTS in the app, the tunnel will be longer however the tunnel will need to be broken for ASM inspection - thus my expectation that this may cause a problem.