Bug ID 737355: HTTP Strict-Transport-Security (HSTS) headers not being added to all APM generated files

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1

Fixed In:
14.1.0, 13.1.1.2

Opened: Jul 18, 2018
Severity: 3-Major

Symptoms

HTTP Strict-Transport-Security (HSTS) headers are missing for some APM-generated files.

Impact

Without these headers, the user agent (browser) may switch to non-secure communication.

Conditions

This occurs when the following conditions are met: -- HTTP profile is configured with HSTS enabled. -- HTTP GET requests for APM renderer files, including CSS, JS, and image files from the webtop.

Workaround

None.

Fix Information

When the HTTP profile is configured with HSTS enabled, all APM renderer files are now sent with HSTS headers.

Behavior Change