Bug ID 737355: HTTP Strict-Transport-Security (HSTS) headers not being added to all APM generated files

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1

Fixed In:
14.1.0, 13.1.1.2

Opened: Jul 18, 2018

Severity: 3-Major

Symptoms

HTTP Strict-Transport-Security (HSTS) headers are missing for some APM-generated files.

Impact

Without these headers, the user agent (browser) may switch to non-secure communication.

Conditions

This occurs when the following conditions are met: -- HTTP profile is configured with HSTS enabled. -- HTTP GET requests for APM renderer files, including CSS, JS, and image files from the webtop.

Workaround

None.

Fix Information

When the HTTP profile is configured with HSTS enabled, all APM renderer files are now sent with HSTS headers.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips