For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dgsec_382722's avatar
dgsec_382722
Icon for Nimbostratus rankNimbostratus
Feb 01, 2019

HTTPOnly and Secure flags - Secure Logon

Hi everybody,   I am not an expert on F5 and trying to get more knowledge. I would like to add few Security atttibutes, in the HTTP Header. I know that we can use the iRule and write something, bu...
iRules
Secure Web Gateway
security
Samir_Jha_52506's avatar
Samir_Jha_52506
Icon for Noctilucent rankNoctilucent
Feb 01, 2019

Cookie and path can be secured. Have you check any cookie value is setup i.e. 

BIGIPCKIE

Below iRule can help to solve issue.

    when HTTP_RESPONSE {
    foreach x [HTTP::cookie names] {
    if { $x equals "BIGIPCKIE" } {
        continue
    }
    set ckname $x
    set ckvalue [HTTP::cookie value $x] 
    set ckpath [HTTP::cookie $x path]
    HTTP::cookie remove $x
    HTTP::cookie insert name $ckname value $ckvalue path $ckpath version 1
    HTTP::cookie secure $ckname enable
    HTTP::cookie httponly $ckname enable
    }
}