Forum Discussion
Adding http only / secure flags to TS cookies per policy
- May 01, 2021
Hi Dave, it appears you are using the iRule from the discussion. It was used to add those attributes to all cookies and to skip some selected cookies, which were listed in the switch statement.
If you want to add the secure/httponly attributes only for ASM TS cookies but keep other session/application cookies unchanged, you can try the simpler version of the iRule below. This can be applied to the 8443 ASM VIP. This should work on any version above 11.x.
Reference: https://support.f5.com/csp/article/K11324
when HTTP_RESPONSE_RELEASE {
    foreach cookielist [HTTP::cookie names] {
        switch -glob [string tolower $cookielist] {
            "ts*" {
                HTTP::cookie secure $cookielist enable
                HTTP::cookie httponly $cookielist enable
            }
            default {
                # Not a TS cookie: leave it unchanged and keep checking the remaining cookies
            }
        }
    }
}
Thanks Sanjay. The iRule is now somewhat working; it is putting the http only flag but not applying the secure.
when CLIENT_ACCEPTED {
    set is_ssl [PROFILE::exists serverssl]
}
when HTTP_RESPONSE_RELEASE {
    set cookie_list [HTTP::header values "Set-Cookie"]
    HTTP::header remove "Set-Cookie"
    if { $is_ssl } then {
        foreach cookie $cookie_list {
            switch -glob -- [string tolower $cookie] {
                "TS*" {
                }
                "*;*secure*httponly*" - "*;*httponly*secure*" {
                }
                "*;*httponly*" {
                    set cookie "[string trimright $cookie "; "]; Secure"
                }
                "*;*secure*" {
                    set cookie "[string trimright $cookie "; "]; HttpOnly"
                }
                default {
                    set cookie "[string trimright $cookie "; "]; Secure; HttpOnly"
                }
            }
            HTTP::header insert "Set-Cookie" $cookie
        }
    } else {
        foreach cookie $cookie_list {
            switch -glob -- [string tolower $cookie] {
                "TS*" {
                }
                "*;*httponly*" {
                }
                default {
                    set cookie "[string trimright $cookie "; "]; HttpOnly"
                }
            }
            HTTP::header insert "Set-Cookie" $cookie
        }
    }
}
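Added example, not part of the thread and not F5 code: a Python check for captured Set-Cookie response headers that reports which TS cookies still lack Secure or HttpOnly. It parses attributes as tokens, and includes a helper that mimics the `*;*secure*` glob from the iRule above to show where substring matching and token matching disagree. The function names and sample headers are constructed for illustration.

```python
import fnmatch

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = header.split(";")
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p.strip()}
    return name, attrs

def audit(headers, prefix="ts", require_secure=True):
    """Return {cookie_name: [missing flags]} for cookies whose name starts with prefix.

    Set require_secure=False when auditing a plain-HTTP virtual server,
    where Secure is not expected.
    """
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if not name.lower().startswith(prefix):
            continue  # only ASM TS cookies are in scope
        missing = []
        if require_secure and "secure" not in attrs:
            missing.append("Secure")
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        if missing:
            findings[name] = missing
    return findings

def glob_thinks_secure(header):
    """Mimic the `*;*secure*` glob applied to the lowercased header value."""
    return fnmatch.fnmatchcase(header.lower(), "*;*secure*")

# Constructed sample headers (not taken from a real device).
SAMPLE = [
    "TS01a2b3c4=0123abcd; Path=/; HttpOnly",
    "TS01ffee00=89abcdef; Path=/secure-area; HttpOnly",
    "TS01d5e6f7=deadbeef; Path=/; Secure; HttpOnly",
    "JSESSIONID=abc123; Path=/",
]

if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE).items():
        print(f"{cookie}: missing {', '.join(missing)}")
    # The glob matches "secure" inside the Path value; the token parser does not.
    print("glob sees Secure on second cookie:", glob_thinks_secure(SAMPLE[1]))
```

The second sample cookie has no Secure attribute, yet the glob matches it because its Path value contains the word "secure"; a rule built on that pattern would leave such a cookie without the flag.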