Let’s see more on using HSTS with HAProxy and pfSense in this article. Bobcares, as a part of our pfSense Support Services offers solutions to every query that comes our way.

Using HSTS with HAProxy and pfSense

HSTS (HTTP Strict Transport Security) is a security feature that tells web browsers to only connect to a website over HTTPS, ensuring a secure connection. We can use HSTS with HAProxy in pfSense to add an extra layer of protection for the web apps. Some of the benefits of using HSTS are as follows:

1. Prevents Attacks: By enforcing HTTPS, HSTS makes it hard for attackers to intercept user data.

2. Builds Trust: Users see the padlock icon, knowing their data is safe.

HAPRoxy sits in front of the web server, adding the HSTS header to outgoing responses. This means we don’t have to change each server’s setup. The steps to set up the system are as follows:

1. Go to System > Packages > HAProxy > Config files in pfSense.

2. Find the config file for the frontend we want to secure.

3. In the frontend config section, find the http-response set-header directive.

4. Use it to add the Strict-Transport-Security header with the preferred settings.

5. Save the config file.

6. Go to System > Packages > HAProxy > Service in pfSense, and hit “Reload” to apply changes.

Example

Here, rspadd adds the HSTS header to HTTP responses, setting a max-age of 1 year and including all subdomains.

[Searching solution for a different question? We’re happy to help.]

Conclusion

We’ve provided the simple steps from our Experts to use HSTS with HAProxy and pfSense.