Forum Discussion
Ben_Levin_9028
Nimbostratus
NimbostratusHSTS on LTM
We are running 11.5.4 on several BIG IPs and want to implement HSTS. I understand the concept of using an iRule or a policy but I have a question. If our member web servers are doing HTTP only and S...
Kevin_Stewart
Employee
EmployeeAside from enabling HSTS on the BIGIP and seeing if anything breaks, are there other ways to mitigate this before enabling HSTS?
Sure. If the only HTTP you (believe you) have is the redirects to HTTPS, open a wire capture and filter on HTTP responses other than 301/302. If you see any, then there's probably something dishing out HTTP responses that shouldn't be.
You also only want to enable HSTS on the HTTPS VIPs.
