For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jon_Gilyeat_149's avatar
Jon_Gilyeat_149
Icon for Nimbostratus rankNimbostratus
Jul 24, 2014

HTTP::cookie and setting flags

I'm struggling with writing some irule logic which sets the httponly and secure flags on only the bigipserver cookies inserted by the F5 when using cookie session persistence, while not affecting any...
application delivery
design
devops
iRules
LTM
security
cjunior's avatar
cjunior
Icon for Nacreous rankNacreous
Jul 24, 2014
 when HTTP_RESPONSE {
     set ck_names [HTTP::cookie names]
     foreach ck_name $ck_names {
        if { [string tolower $ck_name] starts_with "bigipserver" } {
            set ck_value [HTTP::cookie value $ck_name]
            set ck_path [HTTP::cookie path $ck_name] 

            HTTP::cookie remove $ck_name
            HTTP::cookie insert name $ck_name value $ck_value path $ck_path version 1
            HTTP::cookie httponly $ck_name enable
        } 
    }
}