
dgytech
Jul 25, 2017

Exclude specific cookie from set_cookie_header iRule

We currently apply "Secure" and "HttpOnly" via the iRule below. We now need to exclude any cookie that starts with "XSRF-TOKEN" from the "HttpOnly" portion of this iRule. Any help in syntax would be appreciated!

when HTTP_RESPONSE {
    set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]
    HTTP::header remove "Set-Cookie"
    foreach set_cookie_header $unsafe_cookie_headers {
        HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure; HttpOnly"
    }
}

3 Replies

  • Try this... HTTP::cookie secure should return "enable" if it's been set according to the Wiki but I've not tested the output myself

    https://devcentral.f5.com/Wiki/iRules.HTTP__cookie.ashx

     when HTTP_RESPONSE {
       set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]
       HTTP::header remove "Set-Cookie"

       foreach set_cookie_header $unsafe_cookie_headers {
         # the cookie name is everything before the first "="; compare in lower case
         # so the match is case-insensitive (the original compared a lowercased
         # value against the upper-case literal, which could never match)
         set cookie_name [lindex [split $set_cookie_header "="] 0]
         if { [string tolower $cookie_name] starts_with "xsrf-token" } {
           # XSRF-TOKEN must stay readable by script: Secure only, no HttpOnly
           HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure"
         } else {
           HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure; HttpOnly"
         }
       }
     }
    
  • Thank you again for your assistance, very much appreciated!! We were able to get it to work with a few tweaks.

    when HTTP_RESPONSE {
        set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]
        HTTP::header remove "Set-Cookie"

        foreach set_cookie_header $unsafe_cookie_headers {
            if { $set_cookie_header starts_with "XSRF-TOKEN" } then {
                HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure"
            } else {
                HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure; HttpOnly"
            }
        }
    }
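The rewrite the iRule performs, as an added example that is not part of this thread and not F5 code: a small Python function that takes each Set-Cookie value, appends Secure, and appends HttpOnly unless the cookie name starts with the excluded prefix. It goes a step beyond the iRule in two ways a reviewer would ask about: the name comparison is case-insensitive, and an attribute that is already present is not appended a second time, so a response that passes through the rewrite twice (for example behind two proxies) does not accumulate duplicate flags. The prefix tuple, function names and sample headers are constructed for the example.

```python
# Cookie-name prefixes (compared in lower case) that must stay readable by
# client-side script, so they receive Secure but not HttpOnly. "xsrf-token" is
# the name from the thread; the prefix match mirrors the iRule's starts_with.
NO_HTTPONLY_PREFIXES = ("xsrf-token",)


def _has_attr(header: str, attr: str) -> bool:
    """True if the Set-Cookie value already carries the attribute (case-insensitive)."""
    parts = [p.strip().lower() for p in header.split(";")[1:]]
    return attr.lower() in parts


def harden_set_cookie(header: str) -> str:
    """Return one Set-Cookie value with Secure added, plus HttpOnly unless excluded.

    Unlike the iRule, attributes already present are left alone, so the output is
    stable when the same response is rewritten more than once.
    """
    # the cookie name is everything before the first "="
    name = header.split("=", 1)[0].strip().lower()
    flags = ["Secure"]
    if not name.startswith(NO_HTTPONLY_PREFIXES):
        flags.append("HttpOnly")
    out = header.rstrip("; ")
    for flag in flags:
        if not _has_attr(out, flag):
            out += f"; {flag}"
    return out


def rewrite_response_headers(headers):
    """Apply harden_set_cookie to every Set-Cookie in a list of (name, value) pairs.

    Other headers pass through untouched; header-name matching is case-insensitive.
    """
    return [
        (n, harden_set_cookie(v)) if n.lower() == "set-cookie" else (n, v)
        for n, v in headers
    ]


# Constructed sample response headers for a stand-alone run.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/"),
    ("Set-Cookie", "XSRF-TOKEN=tok456; Path=/"),
    ("Set-Cookie", "sid=1; secure"),
]

if __name__ == "__main__":
    for name, value in rewrite_response_headers(SAMPLE_HEADERS):
        print(f"{name}: {value}")
```

Running the block prints the session cookie with both flags, the XSRF-TOKEN cookie with Secure only, and the already-secure cookie with just HttpOnly added. The Secure flag on the XSRF-TOKEN cookie is still applied: the exclusion only concerns HttpOnly, because the anti-forgery token has to be read by script to be echoed back in a request header.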
    
    • Lee_Sutcliffe

      Pleased you got it working and thanks for sharing the final solution. :)


      MP