Forum Discussion

Nimbostratus

Apr 03, 2018

HSTS header in policy is NOT sent when redirecting

We are inserting an HSTS header using a policy (v 12). When a request comes into our virtual server, if the URI is just /, we have an iRule that will redirect the browser to a specific application. F...

application delivery

iRules

Thomas_Schaefer

Nimbostratus

Apr 04, 2018

Actually, I tried a few things but I must be missing something. In v12, there is an HSTS option in the HTTP profile, but I verified that does NOT get inserted when doing a redirect either. When I went to the a valid page that returned 200, I did see my value of the HSTS header. I know as I made it an odd max-age to verify.

Can it really work this way that the only way to add an HSTS header when doing a redirect is to do it manually in the iRule?

BTW, there is no option in the profile to insert a response header—just a request header.

Thanks,

Tom

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

HSTS header in policy is NOT sent when redirecting

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

What dose "Accept" do in BIG-IP ASM event logs

OSPF traps on BIG-IP v14

Problem with sending BotDefense logs to remote server

Change Content-Type from application/octet-stream to multipart/form-data

Is anyone using Certbot for F5 certificate automation? If not, what tool do you use?

Related Content

iRule to modify a content-security-policy header

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing

Insert header for APM policy

LTM Policy

F5 & Cisco ACI Essentials - Take advantage of Policy Based Redirect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS