F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Beinhard_8950's avatar
Beinhard_8950
Icon for Nimbostratus rankNimbostratus
Sep 02, 2010

Strict Transport Security

Hi,     I have a question, dows anyone implemented Strict Transport Security (STS/HSTS).   I have seen many guides to implement this on servers and so on but if you use a ADC then it would be...
config
design
L4L7_53191's avatar
L4L7_53191
Icon for Nimbostratus rankNimbostratus
Sep 12, 2010
This is really interesting, thanks for posting. The good news is that you can accomplish most all of this by simply forcing every request through an SSL enabled virtual server. You can force any non-https request to that VS address back over to the SSL enabled VS. Also, stream profiles can rewrite non-https references for you on the fly.

 

 

I'm not saying that this is a superfluous concept at all, but it seems that with an ADC you can actually enforce much of this behavior so you're ahead of the game before you've even started. As far as inserting the header, I agree that this looks totally possible.

 

 

-Matt