Setting HSTS header and SSL offload

Question

Hi everyone,&nbsp;We are planning to enforce STS header for all our sites through F5 . But the problem is, we are doing SSL offloading at F5 and all content will be served over http to F5.&nbsp;If we set STS on F5, won't it cause a problem doing SSL offloading as the resources might become unavailable when accessing over http?

nicolas_martin- · Answer

Hi!If you configure HSTS on F5 only on client-side, your F5 will still be able to retrieve resources from HTTP backend.If your client computer tries to reach backend server directly using HTTP and bypassing F5 their browser will complain about HSTS as soon they got the HSTS policy by reaching application through F5.Regards,

Forum Discussion

Setting HSTS header and SSL offload

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

Set Header for Pool items and return it in the Virtual IP (VIP)

Security headers

HTTPS offload rewriting

FTPS Offload via iRules

Revocation Status in HTTP Request Header