F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Beinhard_8950's avatar
Beinhard_8950
Icon for Nimbostratus rankNimbostratus
Sep 02, 2010

Strict Transport Security

Hi,     I have a question, dows anyone implemented Strict Transport Security (STS/HSTS).   I have seen many guides to implement this on servers and so on but if you use a ADC then it would be...
config
design
JRahm's avatar
JRahm
Icon for Admin rankAdmin
Sep 02, 2010
Most of the controls for STS seem to occur on the client end. Implementing looks to be a fairly simple iRule, inserting a header with appropriate options for your policy and limiting access to non-ssl resources on the client-side. The problem is going to be handling non-compliant browsers. I know Chrome supports it already and FF4 will have it, but what about IE and the others? That's a large chunk of site visitors, so you would need a mechanism (simple HTTP::respond with "Please use browser X, Y, Z" would work) to inform the users. It's always tricky to enforce adoption without losing users.