Can somebody help me understand the below Irules for Secure Cookies,

1. ltm rule SSL-Renegotatiation-disabled { when CLIENTSSL_HANDSHAKE priority 1 { SSL::renegotiate disable }

Enable or disable the ability for the peer to request renegotiation. Renegotiation is enabled by default in BIG-IP versions prior to 10.1.0. When disabled, the peer is not allowed to request SSL renegotiation. Disabling SSL renegotiation can be used to prevent SSL injection vulnerability in applications which do not require SSL renegotiation.

2. didey@(kan-qa-vf5-a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule Shellshock_reject 

ltm rule Shellshock_reject ---> rune name { when HTTP_REQUEST { set pattern "() {"; if { [string match $pattern [HTTP::uri]] } { log local0. "Detected CVE-2014-6271 attack from '[IP::client_addr]' in URI '[HTTP::uri]'"; reject; } else { foreach header_name [HTTP::header names] { foreach header_value [HTTP::header values $header_name] { if { [string match $pattern $header_value] } { log local0. "Detected CVE-2014-6271 attack from '[IP::client_addr]' in HTTP Header $header_name = '$header_value'; URI = '[HTTP::uri]'"; reject; break;

This rule is basically to match certain pattern & reject connection in VIP

1. ltm rule HSTS-iRule { when HTTP_RESPONSE { HTTP::header insert Strict-Transport-Security "max-age=31536000; includeSubDomains" } }

HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. It also prevents HTTPS click through prompts on browsers.