Forum Discussion
Beinhard_8950
Nimbostratus
NimbostratusStrict Transport Security
Hi,
I have a question, dows anyone implemented Strict Transport Security (STS/HSTS).
I have seen many guides to implement this on servers and so on but if you use a ADC then it would be...
JRahm
Admin
AdminPosted By L4L7 on 09/12/2010 08:42 PM
This is really interesting, thanks for posting. The good news is that you can accomplish most all of this by simply forcing every request through an SSL enabled virtual server. You can force any non-https request to that VS address back over to the SSL enabled VS. Also, stream profiles can rewrite non-https references for you on the fly.
I'm not saying that this is a superfluous concept at all, but it seems that with an ADC you can actually enforce much of this behavior so you're ahead of the game before you've even started. As far as inserting the header, I agree that this looks totally possible.
-Matt
This assumes all traffic goes through an F5 BIG-IP. Yes, we can do that, but not all appliances can. Maybe this std is to protect users who deploy "the other guy?" Just a little early Monday humor, folks, no need for flames...