I've been implementing HSTS (HTTP Strict Transport Security) on some of my virtual servers on the F5 LTM and I have a few questions that I hope some of you may know the answer to.
- I understand that you can enable it either as an iRule or as an HTTP profile. I'm doing it via a profile. In cases where you have two virtual servers (VS) for the same site/application (one VS for HTTP and one VS for HTTPS), do you apply the profile on just the HTTP VS or on both the HTTP and HTTPS VS?
- I understand that once you enable HSTS on a site, you're committing to using TLS for that site and must have a valid certificate on that VS. Are there any issues when you replace the cert? I'm thinking no because that would just break the whole security of certificates...but I want to verify.
If you've had to enable HSTS before, do you have any tips or insight you want to share?
Thank you!