Cookie insert via http:redirect - can it be configured "secure"?

Question

Using slightly changed example from DevCentral I am able to insert cookie on http redirect

when CLIENT_ACCEPTED {

set cookie [format "orig_lang=french; path=/; domain=client.com"]

}

when HTTP_REQUEST {

if { [HTTP::host] equals "web1.client.com" }

{

# Redirect to the requested host and URI (minus the port if specified)

HTTP::respond 302 Location "https://web2.client.com" "Set-Cookie" $cookie

}

Is it possible configure secure and httponly on that cookie?

Thank you in advance.

paulius · Answer

At face value this seems like it should work.

boneyard · Answer

yeah agree with Paulius, it should be possible. im not quite sure why you haven't just tried and see, seems easier then asking. or are you also asking how?

dmitriy_tiper · Answer

I did try iRule in my initial question and it works in terms of insertion of a cookie. May be I was unclear in what I am asking :) Yes, I am asking "how" - i.e. iRule syntax to allow this cookie also to be secure and httponly.

boneyard · Answer

Add this to your cookie string (set cookie ...) and you should be ok:
; secure; HttpOnly
&nbsp;
&nbsp;

Forum Discussion

Cookie insert via http:redirect - can it be configured "secure"?

4 Replies

Recent Discussions

TCL error: Can't call after responding - ERR_NOT_SUPPORTED invoked from within

Remote log WAF based on number of violations

Dynamic url redirection feasibility

Pulse secure Ssl vpn

Querying SNMP data for half-open connections on a virtual server

Related Content

F5 Partner Solution Showcase - "ImmuniWeb - Application Security Testing and Remediation"

How I did it - "Securing Nvidia Triton Inference Server with NGINX Plus Ingress Controller”

LockBit, Pwc2Own, AI, "Othello is solved" Oct30th to Nov5th, 2023 F5 SIRT This Week in Security

Multiple Ways to Configure Usage Reporting in NGINX

BIG-IP BGP Routing Protocol Configuration And Use Cases