Forum Discussion

Nimbostratus

Jan 04, 2017

HSTS on LTM

We are running 11.5.4 on several BIG IPs and want to implement HSTS. I understand the concept of using an iRule or a policy but I have a question. If our member web servers are doing HTTP only and S...

Employee

Jan 04, 2017

Aside from enabling HSTS on the BIGIP and seeing if anything breaks, are there other ways to mitigate this before enabling HSTS?

Sure. If the only HTTP you (believe you) have is the redirects to HTTPS, open a wire capture and filter on HTTP responses other than 301/302. If you see any, then there's probably something dishing out HTTP responses that shouldn't be.

You also only want to enable HSTS on the HTTPS VIPs.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

HSTS on LTM

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

Enforcing HSTS (HTTP Strict Transport Security) in LineRate

LTM Certificate expire

Re: LTM SYN Cookie Configuration

Monitor LTM policy

F5 LTM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS