For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jon_Gilyeat_149's avatar
Jon_Gilyeat_149
Icon for Nimbostratus rankNimbostratus
Jul 24, 2014

HTTP::cookie and setting flags

I'm struggling with writing some irule logic which sets the httponly and secure flags on only the bigipserver cookies inserted by the F5 when using cookie session persistence, while not affecting any...
application delivery
design
devops
iRules
LTM
security
Jon_43169's avatar
Jon_43169
Icon for Nimbostratus rankNimbostratus
Jul 24, 2014

We have an ASM module, but we've not deployed it yet.

After spending some time beating on it a bit more, I've managed to sort it out:

when HTTP_RESPONSE {
   set ck [HTTP::header values "Set-Cookie"]
   foreach acookie $ck {
      if {$acookie starts_with "BIGipServer"} {
         HTTP::header replace "Set-Cookie" "${acookie}; HttpOnly"
      }
   }
}