Forum Discussion

Nimbostratus

May 27, 2021

Setting HSTS header and SSL offload

Hi everyone, We are planning to enforce STS header for all our sites through F5 . But the problem is, we are doing SSL offloading at F5 and all content will be served over http to F5. If ...

Cirrus

May 27, 2021

Hi!

If you configure HSTS on F5 only on client-side, your F5 will still be able to retrieve resources from HTTP backend.

If your client computer tries to reach backend server directly using HTTP and bypassing F5 their browser will complain about HSTS as soon they got the HSTS policy by reaching application through F5.

Regards,

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Setting HSTS header and SSL offload

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Set Header for Pool items and return it in the Virtual IP (VIP)

FTPS Offload via iRules

SSL Offloading for specific IPs or range of IPs

set TOKEN [getfield [HTTP::uri]

Set x-frames-options header values depending on URI

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS