For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jon_Gilyeat_149's avatar
Jon_Gilyeat_149
Icon for Nimbostratus rankNimbostratus
Jul 24, 2014

HTTP::cookie and setting flags

I'm struggling with writing some irule logic which sets the httponly and secure flags on only the bigipserver cookies inserted by the F5 when using cookie session persistence, while not affecting any...
application delivery
design
devops
iRules
LTM
security
Jon_Gilyeat_149's avatar
Jon_Gilyeat_149
Icon for Nimbostratus rankNimbostratus
Jul 24, 2014

Tried this and it doesn't really work either:

when HTTP_RESPONSE {
  if { [HTTP::cookie starts_with "BIGipServer"] } {
     set ck_names [HTTP::cookie names]
     foreach aCookie $ck_names {
     HTTP::cookie remove $aCookie
     HTTP::cookie insert name $aCookie value $aCookie path / version 1
     HTTP::cookie httponly $aCookie enable
  }
}