Netgate Discussion Forum

    HPKP and HSTS in haproxy-1.6.6 (package 0.48_1)

      chris1982

      Hello,

      Is it possible to activate HPKP and HSTS in the haproxy package 0.48_1?
      I found the HSTS option in the Backend section (https://forum.pfsense.org/index.php?topic=90226.0), but not in the Frontend section.
      Because I have no custom field in the Frontend section, I can't add the HTTP header options for HPKP and HSTS.

      HSTS (config line for nginx e.g.)
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

      HPKP (config line for nginx e.g.)
        # Pins, in order:
        #   Let's Encrypt DST Root CA X3 - root CA
        #   Let's Encrypt Authority X3
        #   Let's Encrypt Authority X4
        # Validity: 2 months (max-age=5184000)
        add_header Public-Key-Pins 'pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis="; max-age=5184000';

        PiBa

        Pretty much anything belonging with a frontend can be configured in the 'Advanced pass thru' field. Or did you mean something else?

        Something like this:

        http-response add-header Public-Key-Pins "pin-sha256=\"KEY1\"; pin-sha256=\"KEY2\"; max-age=15768000"
        

        P.S. Do start with a low age like 60 seconds, until you're sure you've got the configuration right.

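A small linter for the Public-Key-Pins value discussed in this thread, as an added example that is not part of either post or of the haproxy package: it checks each pin, the presence of a second (backup) pin and `max-age`, then renders the `http-response add-header` line in the form shown above. The function names and the 60-second `rollout_max_age` default (taken from the advice above) are assumptions of this example.

```python
import base64
import binascii
import re

# Split on ';' only outside double quotes (a report-uri may contain ';').
_SPLIT = re.compile(r';(?=(?:[^"]*"[^"]*")*[^"]*$)')

def lint_hpkp(value, rollout_max_age=60):
    """Check a Public-Key-Pins header value; return a list of problems."""
    problems, pins, max_age = [], set(), None
    for part in (p.strip() for p in _SPLIT.split(value)):
        if not part:
            continue
        name, _, arg = part.partition("=")  # first '=' only; base64 padding stays in arg
        name, arg = name.strip().lower(), arg.strip()
        if name == "pin-sha256":
            if not (len(arg) >= 2 and arg[0] == arg[-1] == '"'):
                problems.append(f"pin not quoted: {part}")
                continue
            try:
                digest = base64.b64decode(arg[1:-1], validate=True)
            except (binascii.Error, ValueError):
                digest = b""
            if len(digest) != 32:  # a SHA-256 digest is 32 bytes
                problems.append(f"pin is not a base64 SHA-256 digest: {arg}")
            else:
                pins.add(digest)
        elif name == "max-age":
            arg = arg.strip('"')
            if arg.isascii() and arg.isdigit():
                max_age = int(arg)
            else:
                problems.append(f"max-age is not a number: {arg!r}")
        elif name not in ("includesubdomains", "report-uri"):
            problems.append(f"unknown directive: {name}")  # lint choice: catches typos
    if len(pins) < 2:
        problems.append("fewer than two distinct valid pins (no backup pin)")
    if max_age is None:
        problems.append("max-age missing")
    elif max_age > rollout_max_age:
        problems.append(f"max-age {max_age} exceeds rollout limit {rollout_max_age}")
    return problems

def haproxy_line(value):
    """Render the value as an haproxy http-response rule with escaped quotes."""
    return 'http-response add-header Public-Key-Pins "%s"' % value.replace('"', '\\"')

if __name__ == "__main__":
    sample = 'pin-sha256="KEY1"; pin-sha256="KEY2"; max-age=15768000'  # placeholders from the reply
    print(lint_hpkp(sample), haproxy_line(sample), sep="\n")
```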