Configure Public Key Pinning (HPKP) header in LTM 11.6

Question

Has anyone configured the HTTP Public-Key-Pins response header (rfc 7469) in LTM 11.6?&nbsp;

chris_grant · Answer

This is not something that is natively supported in 11.6.0, though there is a tracking ID to add it to a future release. You can open a support case and ask to have your case linked against ID 517825. This functionality won't likely find it's way backwards to 11.6.0, though.

awilhelm · Answer

You can insert headers in responses by calling HTTP::header insert in the HTTP_RESPONSE event in an iRule. See the HTTP::header documentation for more info: https://devcentral.f5.com/wiki/iRules.HTTP__header.ashx
Due to the nature of the information required in RFC 7469, you would unfortunately need to prepare a static header to be inserted and update it as needed when certificates potentially change.

bamchenry · Answer

A bit more detail on how to insert HPKP headers:
https://devcentral.f5.com/s/articles/20-lines-or-less-security-headers-18367

Forum Discussion

Configure Public Key Pinning (HPKP) header in LTM 11.6

3 Replies

Recent Discussions

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Related Content

Enriching AFM with public domain Threat Intelligence

SSLO in public cloud: Azure inbound L3 use case

Public Cloud Simplified with F5 NGINXaaS for Azure

F5 High Availability - Public Cloud Guidance

Public IP address display