Forum Discussion

Nimbostratus

May 14, 2012

HSTS (HTTP Strict Transport Security)

Hi team, Was trying the HSTS irule posted in "https://devcentral.f5.com/weblogs/d...start.aspx". The vip on port 80 already had a ssl redirect irule (http to https). When the below irule...

Nimbostratus

Your issue is with the clock scan value

it should be [clock scan yyyymmdd]

or you can use this instead of what you are using

==i rule on https virtual===

when HTTP_RESPONSE { HTTP::header insert Strict-Transport-Security "max-age=31536000 ; includeSubDomains" }

Cumulonimbus

May 11, 2018

when RULE_INIT { 
    set static::expires [clock scan "12 month"]
} 
when HTTP_RESPONSE { 
    HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains" 
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

HSTS (HTTP Strict Transport Security)

Recent Discussions

APM with EntraID as idP / request signed

Creating Policy using Terraform

Alert Mail when virtual server down trubleshooting

How to disable RC4 Cipher on SSL

Big-IQ + LetsEncrypt wildcard

Related Content

Implementing HTTP Strict Transport Security in iRules

WhiteBoard Wednesday: HTTP Strict Transport Security

Enforcing HSTS (HTTP Strict Transport Security) in LineRate

What is Transport Layer Security?

F5 Security Podcasts

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS