Forum Discussion

Altostratus

Jun 06, 2019

HSTS

Hello Dear when enable HSTS in profile insert HSTS in header but when test with ssl lab and another tools for test hsts show there is not hsts.How can I fix this problem? my firmware f5 is 12.1.2 ...

Altostratus

Jun 19, 2019

this IRULE HSTS:

when RULE_INIT {

set static::expires [clock scan 20200926]

}

when HTTP_RESPONSE {

HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains"

}

Dario_Garrido
MVP
Jun 19, 2019
I recommend you to check this video ->
https://www.youtube.com/watch?v=XoYp5e4kRW4

To test it, you need to check it using curl (see video) or using advanced browsing
>>Right Click Chrome Browser>>Inspect>>Network
>>Righ Click Mozilla Browser>>Inspect Element>>Network

KR,
Dario.
- negin
  Altostratus
  Jun 20, 2019
  Hello Dear
  when I Checked with curl and inspect Element firefox show hsts but when use ssl lab and burp suite for check does not display hsts.
- Dario_Garrido
  MVP
  Jun 20, 2019
  For me, everything seems to be working perfectly from F5 perspective.
  
  If you are receiving an MITM ERROR MESSAGE when you use Burp is totally normal, because Burp is The Man In The Middle and maybe it is trying to downgrade you communication to HTTP.
  
  The problem is your scenario, not the HSTS solution.
- Dario_Garrido
  MVP
  Jun 20, 2019
  Check this ->
  https://www.youtube.com/watch?v=NFZh7FjNNBo
  https://support.portswigger.net/customer/portal/articles/1783075-installing-burp-s-ca-certificate-in-your-browser