Difference between revisions of "F5 Big IP HSTS"
Jump to navigation
Jump to search
(Created page with "https://support.f5.com/csp/article/K68657325") |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | set it for a redirect | ||
| + | ``` | ||
| + | HTTP::respond 301 Location "https://www.example.com[HTTP::uri]" Strict-Transport-Security "max-age=31536000" | ||
| + | |||
| + | default { HTTP::respond 301 Location "https://www.example.com[HTTP::uri]" Strict-Transport-Security "max-age=31536000"; persist none } | ||
| + | ``` | ||
| + | |||
| + | 301 redirect | ||
| + | https://support.f5.com/csp/article/K30114265 | ||
| + | |||
| + | VS response | ||
https://support.f5.com/csp/article/K68657325 | https://support.f5.com/csp/article/K68657325 | ||
| + | |||
| + | |||
| + | https://hstspreload.org/ | ||
| + | |||
| + | |||
| + | https://stackoverflow.com/questions/42866025/do-i-need-to-enable-hsts-in-addition-to-forcing-https-in-htaccess | ||
| + | |||
| + | |||
| + | https://support.f5.com/csp/article/K68657325 | ||
| + | |||
| + | ``` | ||
| + | nmap -p 443 --script http-security-headers 10.x.x.y | ||
| + | ``` | ||
| + | |||
| + | |||
| + | NGINX Example - | ||
| + | ``` | ||
| + | # Security headers | ||
| + | add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; | ||
| + | add_header X-Frame-Options DENY; | ||
| + | add_header X-Content-Type-Options nosniff; | ||
| + | add_header Content-Security-Policy "default-src 'self' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com;"; | ||
| + | add_header X-XSS-Protection "1; mode=block"; | ||
| + | add_header Referrer-Policy "origin"; | ||
| + | ``` | ||
| + | https://serverfault.com/questions/874936/adding-hsts-to-nginx-config | ||
Latest revision as of 04:02, 16 August 2022
set it for a redirect
HTTP::respond 301 Location "https://www.example.com[HTTP::uri]" Strict-Transport-Security "max-age=31536000"
default { HTTP::respond 301 Location "https://www.example.com[HTTP::uri]" Strict-Transport-Security "max-age=31536000"; persist none }
301 redirect https://support.f5.com/csp/article/K30114265
VS response https://support.f5.com/csp/article/K68657325
https://support.f5.com/csp/article/K68657325
nmap -p 443 --script http-security-headers 10.x.x.y
NGINX Example -
# Security headers add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header Content-Security-Policy "default-src 'self' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com;"; add_header X-XSS-Protection "1; mode=block"; add_header Referrer-Policy "origin";
https://serverfault.com/questions/874936/adding-hsts-to-nginx-config