Nandhi
Aug 24, 2023 Cirrus
HSTS scan result none
We implemented HSTS via iRule. The LTM logs say the headers are being inserted, but the SSL Labs results show none. We tested it in Chrome and can see the header values. Below is the rule.
HSTS for http vs:
when HTTP_REQUEST {
    if { [HTTP::has_responded] } { return }
    HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"
}
HSTS for https vs:
when RULE_INIT {
    set static::expires [clock scan "12 month"]
}
when HTTP_RESPONSE {
    HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains;preload"
    log local0. "hsts Inserted"
}
Any idea why it's not flagged in the scan results?
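
An added example, not part of the original post and not F5 code: a Python check of the Strict-Transport-Security value that the HTTPS iRule above builds, showing how a max-age computed as a fixed expiry minus the current time shrinks after RULE_INIT. It assumes the hstspreload.org minimum of 31536000 seconds and models "12 month" as 365 days; `irule_header` and the sample ages are constructed for illustration.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year in seconds (assumed threshold: hstspreload.org minimum)

def parse_hsts(value):
    """Parse an HSTS header value (RFC 6797 section 6.1) into {directive: value-or-None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives (e.g. a trailing ';') are allowed
            continue
        name, sep, arg = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"') if sep else None
    if "max-age" not in directives:
        raise ValueError("max-age is required")
    if not re.fullmatch(r"[0-9]+", directives["max-age"] or ""):
        raise ValueError(f"max-age is not a non-negative integer: {directives['max-age']!r}")
    return directives

def assess(value):
    """Return a list of findings for one header value; an empty list means preload-ready."""
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid: {exc}"]
    findings = []
    if int(d["max-age"]) < PRELOAD_MIN_AGE:
        findings.append(f"max-age {d['max-age']} below {PRELOAD_MIN_AGE}")
    for flag in ("includesubdomains", "preload"):
        if flag not in d:
            findings.append(f"missing {flag}")
    return findings

def irule_header(seconds_since_init, lifetime=PRELOAD_MIN_AGE):
    """Constructed model of the iRule: expiry fixed at RULE_INIT, max-age = expiry - now."""
    return f"max-age={lifetime - seconds_since_init}; includeSubDomains;preload"

if __name__ == "__main__":
    for elapsed in (0, 86400 * 200, 86400 * 366):   # constructed sample ages in seconds
        header = irule_header(elapsed)
        print(header, "->", assess(header) or "ok")
```

The same `assess` function can be pointed at a header captured from the virtual server, for example the value shown in the browser's developer tools.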