HTTP::hsts

Description

This iRules command controls HTTP Strict Transport Security.

Syntax

HTTP::hsts
HTTP::hsts mode <enable|disable>
HTTP::hsts maximum-age <seconds>
HTTP::hsts include-subdomains <enable|disable>

# Introduced in v13
HTTP::hsts preload <enable|disable>

HTTP::hsts

  • Returns the corresponding sub-commands currently configured value for this connection.

HTTP::hsts mode <enable|disable>

  • Sets the HSTS mode on a per-flow basis, overriding the configured value in the HTTP profile.

HTTP::hsts maximum-age <seconds>

  • Sets the HSTS maximum-age on a per-flow basis, overriding the configured value in the HTTP profile.

HTTP::hsts include-subdomains <enable|disable>

  • Sets the HSTS include-subdomains on a per-flow basis, overriding the configured value in the HTTP profile.

HTTP::hsts preload <enable|disable>

  • Sets the HSTS preload on a per-flow basis, overriding the configured value in the HTTP profile. Note: This feature is in v13+ only.

Examples

when HTTP_REQUEST {
    if { [HTTP::uri] contains "secure"} {
        HTTP::hsts mode enable
        HTTP::hsts maximum-age 8600
        HTTP::hsts include-subdomains disable
        HTTP::hsts preload enable
    }
}

when HTTP_RESPONSE_RELEASE {
    log local0.debug "HTTP Strict-Transport-Security header: [HTTP::hsts]"
}