Forum Discussion

Nimbostratus

Jan 22, 2018

HSTS via irule

I have 2 irules. 1 for HTTP HSTS and the other for HTTPS HSTS. they insert the headers but hsts is not enabled. I am running 11.5.4 so the HSTS config is not in my HTTP profile, how can I enable it...

iRules

security

kolom_265617

Cirrostratus

Jan 22, 2018

Hello pedinopa,

You should enable HSTS only on virtual servers with client SSL profiles.You can enable HSTS on HTTPS Virtual server using the below iRule.

when HTTP_RESPONSE { 
if { !([ HTTP::header exists "Strict-Transport-Security“ ])} 
{ HTTP::header insert "Strict-Transport-Security" "16070400" } 
}

pedinopa_170325

Nimbostratus

Jan 22, 2018

this is the snippit I took from the ssllabs report.

Strict Transport Security (HSTS)Disabled max-age=-199622101; includeSubDomains; enable

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HSTS via irule

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

r4600 Tenant CPU Assignment

master key file on vcmp guest HA Cluster different?

F5 Health Monitor Receive String as JSON

Rewrite content in XML schema file.

DNS Request to VS?

Related Content

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection

to HSTS or not to HSTS

TMOS HSTS

Enforcing HSTS (HTTP Strict Transport Security) in LineRate

Json parsing with iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS