For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kumar_Thota's avatar
Kumar_Thota
Icon for Altocumulus rankAltocumulus
Mar 19, 2020

HSTS on basic Auth call

We have configured basic auth on one of our APM policy on a virtual server. I have enabled HSTS on the HTTP profile and associated with the virtual i am using and When end user hit the URL he would be sent a 401 prompt to login. For that specific call i am unable to see HSTS in the header value. Am i missing something in my config? Is there a way to force insert HSTS in the header for 401 call?

application delivery
BIG-IP Access Policy Manager (APM)
security

2 Replies

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Mar 20, 2020

    which TMOS version? up to 12 there was a similar issue with this

     

    https://cdn.f5.com/product/bugtracker/ID565554.html