Forum Discussion

Nimbostratus

Jul 21, 2015

I have applied a HSTS-Irule to a virtual server bit user is getting Invalid Strict-Transport-Security header

I have applied below Irule to a Virtual server: when HTTP_RESPONSE { HTTP::header insert Strict-Transport-Security "max-age=31536000; includeSubDomains" } While accessing the URL from brows...

dipta_03_149731

Nimbostratus

Jul 22, 2015

No Kevin, I am using a trusted certificate signed by CA.

Is this irule somewhat not compatible with AES_256_CBC SHA-1 cipher. And shall we apply some stronger cipher ?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

CIS

container ingress services

devops

Gateway Fabric

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

I have applied a HSTS-Irule to a virtual server bit user is getting Invalid Strict-Transport-Security header

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Question/Advice on iRule Remediating the Telerik (Unsafe Reflection Vulnerability (CVE-2025-3600)

Resetting to Factory Default

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Issue with IIS and Client Component Service Load balancing

Syslog Filter Configuration for Separating Audit and LTM logs.

Related Content

Implementing HTTP Strict Transport Security in iRules

WhiteBoard Wednesday: HTTP Strict Transport Security

Enforcing HSTS (HTTP Strict Transport Security) in LineRate

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection

Terraform apply failures - loadbalancer_type.https.port_choice

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS