HSTS help with Server Name Identification

Question

Hi,&nbsp;
I created an iRule to add HSTS on my VS as shown below.  This is working.
when HTTP_RESPONSE { HTTP::header insert Strict-Transport-Security "max-age=31536000; includeSubDomains" }&nbsp;
Now, for my VS, I added SNI (I have the three SSL client profiles and enabled it) so my VS can respond to non-www, and www on the one IP address.  SSL key is a SSL SAN key and contains the non-www and www names.&nbsp;
When I go to SSL Labs, the non-www gets an A+.  It shows HSTS is enabled.  However, in the www site, SSL Labs gives it an A.  It says HSTS is not enabled.&nbsp;
What am I missing here?&nbsp;
Thanks&nbsp;

kevin_stewart · Answer

Try accessing the two sites from a browser client with Fiddler installed. See if you're getting the Strict-Transport-Security header from both sites.&nbsp;

kai_wilke · Answer

Hi Eddie,
you could try to insert the HSTS headers even for your redirects.
HTTP::respond 301 "Location" "YourTargetURL" "Strict-Transport-Security" "max-age=31536000; includeSubDomains"

Cheers, Kai

Forum Discussion

HSTS help with Server Name Identification

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

Related Content

TMOS HSTS

Enforcing HSTS (HTTP Strict Transport Security) in LineRate

Server Profile SNI

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection

New VS creation identification in Logs