ASM TS cookies help - secureonly PER policy or per virtual?

Question

I am trying to make the ASM TS cookies Httponly and Secure HOWEVER I am not confident in setting those to Secure globally from the command line, because not all of my sites are secure.   I am assuming that this would then break ASM functionality due to the client not sending the cookie back to the server if not using https.  
&nbsp;
So is there any way to set Secure on these cookies either per virtual server or per ASM policy.  Regular iRules to modify cookies do not seem to modify the TS cookies.  
&nbsp;
Thanks.&nbsp;

patonbike · Answer

Nevermind, the flags only turn on the Secure attribute then the traffic is HTTPS.&nbsp;
https://support.f5.com/csp/article/K13787&nbsp;

samstep · Answer

Looks like you have found the answer yourself, inedeed the secure attribute will only apply to HTTPS: https://support.f5.com/csp/article/K13787&nbsp;

emre_ovali_1466 · Answer

You should change the database value with the following command from CLI. It is a global variable.&nbsp;
f5bigip /usr/share/ts/bin/add_del_internal add cookie_secure_attr 1 &nbsp;

Forum Discussion

ASM TS cookies help - secureonly PER policy or per virtual?

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

Cookie-based DDoS protection

2. SYN Cookie: Operation

iControl REST Cookbook - Virtual Server (ltm virtual)

Encrypting Cookies

F5 Distributed Cloud: Virtual Sites - Regional Edge (RE)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS