HSTS not enabled

Question

I found the iRules for implementing HSTS.  They are inserting the headers but according to SSL labs the header is disabled.  Why is this&gt;&nbsp;
1:  iRule for HSTS HTTP Virtuals 
   2: 
   3: when HTTP_REQUEST {
   4:     HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"
   5: }
   6:&nbsp;
   7:  iRule for HSTS HTTPS Virtuals 
   8: 
   9: when RULE_INIT {
  10:     set static::expires [clock scan 20110926]
  11: }
  12: when HTTP_RESPONSE {
  13:     HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains"
  14: }&nbsp;

psilva · Answer

Hi~&nbsp;
It seems, according to these articles, that the default is disabled. Maybe check settings to enable?&nbsp;
check out:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-profiles-reference-13-0-0/2.html&nbsp;
https://support.f5.com/csp/article/K40243113&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ssl-inbound-data-protection-how-to-12-0-0/2.html&nbsp;
About 2/3 down that last link has steps on how to enable and this video (https://youtu.be/2ykG3f4Kg_0) shows how to enable HSTS in a HTTP profile.&nbsp;
Hope that helps&nbsp;
ps&nbsp;

jg · Answer

It looks like you copied some old example code. Change
set static::expires [clock scan 20110926]
&nbsp;to
static::expires [clock scan "12 month"]

Forum Discussion

HSTS not enabled

Recent Discussions

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

XC Bot defense question

Related Content

HSTS is not working.

to HSTS or not to HSTS

enable WebSocket profile.

Enable SAML Service Provider on F5 Distributed Cloud Application

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS