Forum Discussion
Stanislas_Piro2
Dec 11, 2015Cumulonimbus
Hi Jinshu,
To limit Man in the Middle attack on HTTP traffic, you can enable "HTTP Strict Transport Security"
This is a new feature in version 12.0 but you can enable it with an irule on previous version:
https://devcentral.f5.com/articles/implementing-http-strict-transport-security-in-irules
This feature tell the browser to always request HTTPS instead of HTTP even if the user entered http://www.company.com.
In this case, the browser will automatically request https://www.company.com for every new requests until HSTS Max-age expires.