HTTP Strict Transport Security (HSTS)
arprasanna
Member ✭
Hello,
Can anyone share the aFleX script for HTTP Strict Transport Security (HSTS)?
0
Comments
I have this iRule:
when HTTP_REQUEST {
# save hostname for use in response
set fqdn_name [HTTP::host]
}
when HTTP_RESPONSE {
if { not ([ HTTP::header exists "Strict-Transport-Security" ]) }
{ HTTP::header insert "Strict-Transport-Security" "max-age=16070400; includeSubDomains" }
### enable logging only for testing
# log local0.info "#01 - HTTP-Header Strict-Transport-Security inserted for HTTP-Host: $fqdn_name from Client: [IP::client_addr]:[TCP::client_port] ===> VS: [IP::local_addr]:[TCP::local_port]"
}
}
.
Done.
aFleX syntax error. Line 6: wrong # args: no script following "{ not ([ HTTP::header exists "Strict-Transport-Sec" argument
Getting the above error message. I need to convert it to aFleX.
I don't see anything wrong with the code on first glance. You might want to try using IF syntax like this:
if {} {
}
That's all I use and haven't had any problems. Could just be a parser glitch.
Hi John,
Can you share the code you used?
This can be enabled using an HTTP template. Here is an example:
! Create an HTTP template
slb template http tp_add_HSTS
  response-header-insert "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload"
! Bind the HTTP template to the vPort
slb virtual-server vip1 10.10.10.10
  port 443 https
    template http tp_add_HSTS
    template client-ssl tp_client_ssl01
    service-group sg_tcp_80
Hello, I set the following value in the HTTP Template
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Insert if not exist
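A way to check what the virtual server actually returns once the script or template is bound, as an added Python example that is not part of the original thread. The function names and the failure-case inputs are constructed for illustration; the parsing rules follow RFC 6797, and the one-year minimum is the preload list's submission requirement.

```python
import re
PRELOAD_MIN_AGE = 31536000  # one year: minimum max-age the preload list accepts

def parse_hsts(value):
    """Parse one header value (RFC 6797 sec. 6.1); None means browsers ignore it."""
    policy = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()            # directive names are case-insensitive
        if not name:
            continue                           # empty directives are permitted
        if name in policy:
            return None                        # a directive may appear only once
        policy[name] = arg.strip().strip('"')  # max-age may be a quoted-string
    if not re.fullmatch(r"[0-9]+", policy.get("max-age", "")):
        return None                            # max-age is required, digits only
    policy["max-age"] = int(policy["max-age"])
    return policy

def audit(headers, scheme="https"):
    """headers: (name, value) pairs of one response. Returns a list of findings."""
    sts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not sts:
        return ["missing header"]
    if scheme != "https":
        return ["sent over plain HTTP: browsers ignore it"]
    findings = []
    if len(sts) > 1:
        findings.append("duplicate header: only the first is processed")
    policy = parse_hsts(sts[0])
    if policy is None:
        return findings + ["invalid value: browsers ignore it"]
    if policy["max-age"] == 0:
        findings.append("max-age=0 clears the stored policy")
    preload_ok = policy["max-age"] >= PRELOAD_MIN_AGE and "includesubdomains" in policy
    if "preload" in policy and not preload_ok:
        findings.append("preload set but preload-list requirements not met")
    return findings

H = "Strict-Transport-Security"
AFLEX = (H, "max-age=16070400; includeSubDomains")              # value from the script
TEMPLATE = (H, "max-age=31536000; includeSubDomains; preload")  # value from the template
SHORT_PRELOAD = (H, "max-age=16070400; includeSubDomains; preload")  # constructed

if __name__ == "__main__":
    cases = {"script": [AFLEX], "template": [TEMPLATE],
             "both inserted": [AFLEX, TEMPLATE], "short preload": [SHORT_PRELOAD]}
    for name, hdrs in cases.items():
        print(name, "->", audit(hdrs) or "ok")
```

The "both inserted" case is what the "Insert if not exist" setting avoids when the back-end server already sends its own header.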
HTTP Strict Transport Security (HSTS) is a crucial web security mechanism that enforces secure connections by instructing browsers to only communicate with websites over HTTPS. By mitigating man-in-the-middle attacks and ensuring data integrity, HSTS enhances user safety and reinforces the overall resilience of online communication protocols. https://fmapps.org