Forum Discussion

negin's avatar
negin
Icon for Altostratus rankAltostratus
Jun 06, 2019

HSTS

Hello Dear

when enable HSTS in profile insert HSTS in header but when test with ssl lab and another tools for test hsts show there is not hsts.How can I fix this problem?

my firmware f5 is 12.1.2 .

  • hello dear

    i test it but yet dont show hsts in ssl lab

    • Hello.

       

      Please, share the config of your VS (an other extras) and show also how you check that it's not working.

       

      KR,

      Dario.

      • negin's avatar
        negin
        Icon for Altostratus rankAltostratus

        hello dear

        i have check with burp suite check hsts.

        this config for hsts :

        }

        ltm virtual ShopMarket {

           destination 10.10.5.110:http

           ip-protocol tcp

           mask 255.255.255.255

           pool ShopMarket

           profiles {

               http { }

               tcp { }

           }

           rules {

               Redirect

           }

           source 0.0.0.0/0

           source-address-translation {

               type automap

           }

           translate-address enabled

           translate-port enabled

           vs-index 2

        }

        ltm virtual ShopMarket_HTTPS {

           destination 10.10.5.110:https

           ip-protocol tcp

           mask 255.255.255.255

           pool ShopMarket

           profiles {

               http { }

               oneconnect { }

               shopmarket {

                   context clientside

               }

               tcp-lan-optimized {

                   context clientside

               }

               tcp-wan-optimized {

                   context serverside

               }

           }

           rules {

               HSTS

           }

         

  • this IRULE HSTS:

    when RULE_INIT {

    set static::expires [clock scan 20200926]

    }

    when HTTP_RESPONSE {

     HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains"

    }

      • negin's avatar
        negin
        Icon for Altostratus rankAltostratus

        Hello Dear

        when I Checked with curl and inspect Element firefox show hsts but when use ssl lab and burp suite for check does not display hsts.

  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus

    Try the following:

    when RULE_INIT {
        set static::expires [clock scan "12 month"]
    }
     
    when HTTP_RESPONSE {
        HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains"
    }
  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus

    Will you share the part of SSLAB report related to HSTS?