Hello Dearwhen enable HSTS in profile insert HSTS in header but when test with ssl lab and another tools for test hsts show there is not hsts.How can I fix this problem?my firmware f5 is 12.1.2 .

Hello negin Do you have a client SSL profile configured in the VS?Check this out ->https://support.f5.com/csp/article/K41335027 If you still have problems, I would use an iRule instead of enabling HSTS in the profilehttps://devcentral.f5.com/s/articles/implementing-http-strict-transport-security-in-irules KR,Dario.

hello dear i test it but yet dont show hsts in ssl lab

Hello. Please, share the config of your VS (an other extras) and show also how you check that it's not working. KR,Dario.

hello dear i have check with burp suite check hsts.this config for hsts :}ltm virtual ShopMarket { destination 10.10.5.110:http ip-protocol tcp mask 255.255.255.255 pool ShopMarket profiles { http { } tcp { } } rules { Redirect } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vs-index 2}ltm virtual ShopMarket_HTTPS { destination 10.10.5.110:https ip-protocol tcp mask 255.255.255.255 pool ShopMarket profiles { http { } oneconnect { } shopmarket { context clientside } tcp-lan-optimized { context clientside } tcp-wan-optimized { context serverside } } rules { HSTS }

Please, share also the rule "HSTS" and some proof that it's not working. Thanks.

HSTS | DevCentral

Dario_Garrido
MVP
Jun 07, 2019
Hello negin

Do you have a client SSL profile configured in the VS?
Check this out ->
https://support.f5.com/csp/article/K41335027

If you still have problems, I would use an iRule instead of enabling HSTS in the profile
https://devcentral.f5.com/s/articles/implementing-http-strict-transport-security-in-irules

KR,
Dario.
negin
Altostratus
Jun 16, 2019
hello dear
i test it but yet dont show hsts in ssl lab
- Dario_Garrido
  MVP
  Jun 17, 2019
  Hello.
  
  Please, share the config of your VS (an other extras) and show also how you check that it's not working.
  
  KR,
  Dario.
  - negin
    Altostratus
    Jun 19, 2019
    hello dear
    i have check with burp suite check hsts.
    this config for hsts :
    }
    ltm virtual ShopMarket {
       destination 10.10.5.110:http
       ip-protocol tcp
       mask 255.255.255.255
       pool ShopMarket
       profiles {
           http { }
           tcp { }
       }
       rules {
           Redirect
       }
       source 0.0.0.0/0
       source-address-translation {
           type automap
       }
       translate-address enabled
       translate-port enabled
       vs-index 2
    }
    ltm virtual ShopMarket_HTTPS {
       destination 10.10.5.110:https
       ip-protocol tcp
       mask 255.255.255.255
       pool ShopMarket
       profiles {
           http { }
           oneconnect { }
           shopmarket {
               context clientside
           }
           tcp-lan-optimized {
               context clientside
           }
           tcp-wan-optimized {
               context serverside
           }
       }
       rules {
           HSTS
       }
negin
Altostratus
Jun 19, 2019
this IRULE HSTS:
when RULE_INIT {
set static::expires [clock scan 20200926]
}
when HTTP_RESPONSE {
HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains"
}
- Dario_Garrido
  MVP
  Jun 19, 2019
  I recommend you to check this video ->
  https://www.youtube.com/watch?v=XoYp5e4kRW4
  
  To test it, you need to check it using curl (see video) or using advanced browsing
  >>Right Click Chrome Browser>>Inspect>>Network
  >>Righ Click Mozilla Browser>>Inspect Element>>Network
  
  KR,
  Dario.
  - negin
    Altostratus
    Jun 20, 2019
    Hello Dear
    when I Checked with curl and inspect Element firefox show hsts but when use ssl lab and burp suite for check does not display hsts.

Cumulonimbus

Jun 20, 2019

Try the following:

when RULE_INIT {
    set static::expires [clock scan "12 month"]
}
 
when HTTP_RESPONSE {
    HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains"
}

negin
Altostratus
Jun 20, 2019
Hello
I tested it but does not work

JG
Cumulonimbus
Jun 20, 2019
Will you share the part of SSLAB report related to HSTS?
- negin
  Altostratus
  Jun 22, 2019
  hello dear

Forum Discussion

HSTS

Recent Discussions

Problem with lets encrypt and redirect after update

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

question about getting hsl data to be formatted properly in splunk

iRule for client certificate verification and inserting CN

Related Content

HSTS is not working.

to HSTS or not to HSTS

TMOS HSTS

Enforcing HSTS (HTTP Strict Transport Security) in LineRate

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS