Forum Discussion
nitass_89166
Noctilucent
can you try sys httpd include?
e.g.
// default
[root@ve13a:Active:In Sync] config tmsh list sys httpd
sys httpd { }
[root@ve13a:Active:In Sync] config grep Strict-Transport-Security /config/httpd/conf/httpd.conf
Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
[root@ve13a:Active:In Sync] config curl -Ik https://172.28.24.14
HTTP/1.1 200 OK
Date: Wed, 03 Jan 2018 23:51:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
Last-Modified: Wed, 03 Jan 2018 23:51:03 GMT
ETag: "f98a6e-f97-561e7e35fcb0c"
Accept-Ranges: bytes
Content-Length: 3991
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; img-src 'self' data: http://127.4.1.1 http://127.4.2.1
Content-Type: text/html; charset=ISO-8859-1
// sys httpd include
[root@ve13a:Active:Changes Pending] config tmsh modify sys httpd include 'Header always set Strict-Transport-Security \"max-age=63072000; includeSubdomains;\"'
[root@ve13a:Active:In Sync] config grep Strict-Transport-Security /config/httpd/conf/httpd.conf
Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
[root@ve13a:Active:In Sync] config curl -Ik https://172.28.24.14
HTTP/1.1 200 OK
Date: Thu, 04 Jan 2018 00:00:16 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Wed, 03 Jan 2018 23:52:37 GMT
ETag: "f996cd-f97-561e7e8fda551"
Accept-Ranges: bytes
Content-Length: 3991
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; img-src 'self' data: http://127.4.1.1 http://127.4.2.1
Content-Type: text/html; charset=ISO-8859-1
// save
[root@ve13a:Active:In Sync] config tmsh save sys config
Saving running configuration...
/config/bigip.conf
/config/bigip_base.conf
/config/bigip_user.conf
Saving Ethernet mapping...done
[root@ve13a:Active:In Sync] config
Larry_Wichter
Jan 24, 2018Nimbostratus
Thank you - using sys httpd command solved this.