Disabling HSTS on pfSense webconfigurator

For some time HSTS has been a stupid way to deter people from doing what they have no idea of doing, and now pfSense forces the use of HSTS on its webconfigurator, effectively making all port forwarded secure connections difficult to reach. Stubborn pfSense devs refuse to make an option to disable it, but here is a way to do it.

  1. Enable SSH and open /etc/inc/system.inc

2017-09-16 11_29_34-router.home.mananet.net - PuTTY

2. Remove add_header Strict-Transport-Security line.

3. Reboot the machine, only restarting webconfigurator won’t work.


Now you can host other secure connections with peace of mind.


Leave a Reply

Your email address will not be published. Required fields are marked *