Configure support for HTTP strict transport security (HSTS)
Citrix ADC appliances support HTTP strict transport security (HSTS) as an in-built option in SSL profiles and SSL virtual servers. Using HSTS, a server can enforce the use of an HTTPS connection for all communication with a client. That is, the site can be accessed only by using HTTPS. Support for HSTS is required for A+ certification from SSL Labs.
Enable HSTS in an SSL front-end profile or on an SSL virtual server. If you enable SSL profiles, then you must enable HSTS on an SSL profile instead of enabling it on an SSL virtual server. By setting the maximum age header, you specify that HSTS is in force for that duration for that client. You can also specify whether subdomains must be included. For example, you can specify that subdomains for www.example.com, such as www.abc.example.com and www.xyx.example.com, can be accessed only by using HTTPS by setting the IncludeSubdomains parameter to YES.
If you access any websites that support HSTS, the response header from the server contains an entry similar to the following:
The client stores this information for the time specified in the max-age parameter. For subsequent requests to that website, the client checks its memory for an HSTS entry. If an entry is found, it accesses that website only by using HTTPS.
You can configure HSTS at the time of creating an SSL profile or an SSL virtual server by using the add command. You can also configure HSTS on an existing SSL profile or SSL virtual server by modifying it using the set command.
Configure HSTS by using the CLI
At the command prompt, type:
add ssl vserver <vServerName> -maxage <positive_integer> -IncludeSubdomains ( YES | NO)
set ssl vserver <vServerName> -HSTS ( ENABLED | DISABLED )