Forum Discussion

Nimbostratus

Sep 09, 2014

Aduit Log full of Operation not supported Errors

We created an irule to address a security audit that dinged us on "Sensitive Cookie Missing 'HTTPONLY' Attribute". Since then our audit log is full of errors from this irule. Though the irule appea...

Cirrostratus

Sep 10, 2014

This will do it I think, sorry no way to test right now;

when HTTP_RESPONSE {
 set ck [HTTP::header values "Set-Cookie"]
 if { $ck ne "" } {
  HTTP::header remove "Set-Cookie"

  foreach acookie $ck {
   if { [string tolower $acookie] contains "httponly" } {
    HTTP::header insert "Set-Cookie" "${acookie}"
    }
   else {
    HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly"
    }
   }
  }

 else { return }

}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Aduit Log full of Operation not supported Errors

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Conditional XOR operations

Re: SYN Cookie operation

Changing ASM support ID error page

Support and Help for DevCentral and Offline Contact

Security Operations Center - Helpers Behind the Scenes

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS