Forum Discussion

ekanathdas_2662's avatar
ekanathdas_2662
Icon for Nimbostratus rankNimbostratus
May 14, 2012

HSTS (HTTP Strict Transport Security)

Hi team, Was trying the HSTS irule posted in "https://devcentral.f5.com/weblogs/d...start.aspx". The vip on port 80 already had a ssl redirect irule (http to https). When the below irule...
application delivery
dev
devops
iRules
Yasir_Al-Musawi's avatar
Yasir_Al-Musawi
Icon for Nimbostratus rankNimbostratus
Feb 25, 2016

Your issue is with the clock scan value

 

it should be [clock scan yyyymmdd]

 

or you can use this instead of what you are using

 

==i rule on https virtual===

 

when HTTP_RESPONSE { HTTP::header insert Strict-Transport-Security "max-age=31536000 ; includeSubDomains" }

 

  • san2hosh_306591's avatar
    san2hosh_306591
    Icon for Nimbostratus rankNimbostratus
    May 11, 2018

    Well I used the Below Rule. And, my user complained that as the days are passing the time seems to be decreasing. So is their any static rule that can make it same clock seconds everyday?

     

    Here is my rule: when RULE_INIT { set static::expires [clock scan 31536000] } when HTTP_RESPONSE { HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains" }

     

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    May 11, 2018
    when RULE_INIT { 
    set static::expires [clock scan "12 month"]
} 
when HTTP_RESPONSE { 
    HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains" 
}