AnsweredAssumed Answered

HTTP Strict Transport Security

Question asked by Birger Unell on Oct 28, 2014
Latest reply on Jan 4, 2017 by Hamish Rose

Hi,

 

How "HTTP Strict Transport Security" can be used/implement at Akamai ?

It seems it was discussed during last Edge Conference or Akamai University in Miami, unfortunately, I wasn't able to attend.

 

On F5 BIG-IP, it's implemented in an iRule:

### iRule for HSTS HTTP Virtuals ###   

when HTTP_REQUEST {   

    HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"   

}   

### iRule for HSTS HTTPS Virtuals ###   

when RULE_INIT {  

     set static::expires [clock scan 20110926]  

}  

when HTTP_RESPONSE {  

  HTTP::header insert Strict-Transport-Security "max-age=[expr {$static::expires - [clock seconds]}]; includeSubDomains"  

}

 

In my property Rule, I'm able to setup the http to https redirect and the header modification, but what about the clock scan ?

 

thank,

Outcomes