23-Aug-2023 21:01
We implemented HSTS via iRule. The LTM logs say the headers are being inserted, but the SSL Labs results show none. We tested it in Chrome and can see the header values. Below is the rule.
HSTS for HTTP VS:
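when HTTP_REQUEST {
    # Skip if an earlier iRule has already sent a response
    if { [HTTP::has_responded] } { return }
    # Redirect plain HTTP to the same host and URI over HTTPS
    HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"
}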
HSTS for HTTPS VS:
when RULE_INIT {
    # Expiry timestamp, computed once when the rule is loaded
    set static::expires [clock scan "12 month"]
}
when HTTP_RESPONSE {
    # max-age is the number of seconds remaining until that timestamp
    HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains;preload"
    log local0. "hsts Inserted"
}
Any idea why it's not flagged in the scan results?
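The HTTPS iRule in the post above sets max-age to the time left until a timestamp fixed at RULE_INIT, so the emitted value shrinks with every response. The Python check below is an added example (not code from the thread or from F5) that reproduces that arithmetic and parses the result against the RFC 6797 grammar; the 365-day window and the function names are assumptions.

```python
import re

# Assumption: "12 month" is treated as 365 days; Tcl's clock scan may yield 366.
WINDOW = 365 * 24 * 3600

def irule_header(seconds_since_rule_init, window=WINDOW):
    """Value the HTTPS iRule emits: expiry fixed at RULE_INIT minus current time."""
    remaining = window - seconds_since_rule_init
    return f"max-age={remaining}; includeSubDomains;preload"

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns (policy, problems): directive names are lower-cased, valueless
    directives map to True, and problems lists what a strict parser rejects.
    """
    policy, problems = {}, []
    for raw in value.split(";"):
        part = raw.strip()
        if not part:
            continue  # empty directives are permitted by the grammar
        name, sep, arg = part.partition("=")
        name = name.strip().lower()
        if name in policy:
            problems.append(f"duplicate directive: {name}")
            continue
        policy[name] = arg.strip().strip('"') if sep else True
    age = policy.get("max-age")
    if age is None or age is True:
        problems.append("max-age missing")
    elif not re.fullmatch(r"[0-9]+", age):
        # delta-seconds is 1*DIGIT, so a negative number is not valid
        problems.append(f"max-age is not a non-negative integer: {age}")
    else:
        policy["max-age"] = int(age)
        if policy["max-age"] == 0:
            problems.append("max-age=0 removes the cached HSTS policy")
    return policy, problems

if __name__ == "__main__":
    # Constructed sample points: days elapsed since the rule was loaded
    for days in (0, 200, 365, 400):
        header = irule_header(days * 86400)
        print(days, header, parse_hsts(header)[1])
```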
23-Aug-2023 23:10
Hi Edward,
HSTS is already added via iRule to the specific VS. We can see the inserted header in the GET response and in the browser developer tools. But SSL Labs is not able to identify it (showing none).
24-Aug-2023 02:38
Why do you insert it via iRule and not via the HTTP profile? Are you testing your http:// URL or https:// URL on SSL Labs? Is there maybe a redirect going on, and SSL Labs isn't doing that redirect, but the browser does?
25-Aug-2023 14:22
That previous reply was a spammer. Sorry for the confusion.