HTTP::hsts¶
Description¶
This iRules command controls HTTP Strict Transport Security.
Syntax¶
HTTP::hsts
HTTP::hsts mode <enable|disable>
HTTP::hsts maximum-age <seconds>
HTTP::hsts include-subdomains <enable|disable>
# Introduced in v13
HTTP::hsts preload <enable|disable>
HTTP::hsts mode <enable|disable>¶
- Sets the HSTS mode on a per-flow basis, overriding the configured value in the HTTP profile.
HTTP::hsts maximum-age <seconds>¶
- Sets the HSTS maximum-age on a per-flow basis, overriding the configured value in the HTTP profile.
HTTP::hsts include-subdomains <enable|disable>¶
- Sets the HSTS include-subdomains on a per-flow basis, overriding the configured value in the HTTP profile.
HTTP::hsts preload <enable|disable>¶
- Sets the HSTS preload on a per-flow basis, overriding the configured value in the HTTP profile. Note: This feature is in v13+ only.
Examples¶
when HTTP_REQUEST {
if { [HTTP::uri] contains "secure"} {
HTTP::hsts mode enable
HTTP::hsts maximum-age 8600
HTTP::hsts include-subdomains disable
HTTP::hsts preload enable
}
}
when HTTP_RESPONSE_RELEASE {
log local0.debug "HTTP Strict-Transport-Security header: [HTTP::hsts]"
}