For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ben_Levin_9028's avatar
Ben_Levin_9028
Icon for Nimbostratus rankNimbostratus
Jan 04, 2017

HSTS on LTM

We are running 11.5.4 on several BIG IPs and want to implement HSTS. I understand the concept of using an iRule or a policy but I have a question. If our member web servers are doing HTTP only and S...
application delivery
hsts
LTM
security
ssl termination
JMD_164012's avatar
JMD_164012
Icon for Nimbostratus rankNimbostratus
May 03, 2018

Hi Guys,

 

In software version 12.x+ HSTS can be enabled in the HTTP profile. Does this mean we need to create separate HTTP profiles for our HTTPS VIPs in order to enable HSTS?

 

When I add HSTS into an HTTP profile on an HTTP virtual server the system accepts it. If I then try to add an irule to that VIP I get an error that says :

 

01070734:3: Configuration error: In Virtual Server (/Common/EXAMPLE_VIP_NAME) http with hsts enabled requires a client ssl profile

 

Please advise