HTTPOnly and Secure flags - Secure Logon

Question

Hi everybody,&nbsp;
I am not an expert on F5 and trying to get more knowledge. I would like to add few Security atttibutes, in the HTTP Header. I know that we can use the iRule and write something, but in my case it is about the F5 website itself. I have the VPN page like https://vpn.mysite.com that I land in the “Secure Logon for F5 Network” - How can I add those Cookie Secure, HTTPOnly and plus the X-Frame-Options and other Security Headers for that page? How to achieve that and how/where to apply without brake anything?&nbsp;
Thank you!&nbsp;

samir_jha_52506 · Answer

Cookie and path can be secured. Have you check any cookie value is setup i.e. BIGIPCKIE
Below iRule can help to solve issue.
    when HTTP_RESPONSE {
    foreach x [HTTP::cookie names] {
    if { $x equals "BIGIPCKIE" } {
        continue
    }
    set ckname $x
    set ckvalue [HTTP::cookie value $x] 
    set ckpath [HTTP::cookie $x path]
    HTTP::cookie remove $x
    HTTP::cookie insert name $ckname value $ckvalue path $ckpath version 1
    HTTP::cookie secure $ckname enable
    HTTP::cookie httponly $ckname enable
    }
}

Forum Discussion

HTTPOnly and Secure flags - Secure Logon

Recent Discussions

Help needed with iRule (connection closed log )

AS3 Limitations

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

AppWorld 2025 Security Insights - ADC 3.0, AI Security, and more

Securing Model Serving in Red Hat OpenShift AI (on ROSA) with F5 Distributed Cloud API Security

F5 AI Gateway - Secure, Deliver and Optimize GenAI Apps

HTTP Multipart and Security Implications

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS