Forum Discussion
Blue_whale
Cirrocumulus
CirrocumulusIrule - How this Secure Cookie Irule works ?
Can some one explain how this SECURE_COOKIE Irule works .
ltm rule SECURE_COOKIE {
when HTTP_RESPONSE_RELEASE {
set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]
HTTP::header remove "Set-Cookie"
foreach set_cookie_header $unsafe_cookie_headers {
HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure"
}
}
}
Dario_GarridoNoctilucent
The iRule adds the tag "Secure" to all "Set-Cookie" headers. This is done to avoid clients to use those cookie in case of being in a unsafe communication.
REF - https://en.wikipedia.org/wiki/Secure_cookie
KR,
Dario.
- Dario_Garrido
when HTTP_RESPONSE_RELEASE { # Get all values of Set-Cookie headers set unsafe_cookie_headers [HTTP::header values "Set-Cookie"] # Remove the current unsafe Set-Cookie header HTTP::header remove "Set-Cookie" foreach set_cookie_header $unsafe_cookie_headers { # Insert a new Set-Cookie header with '<value>; Secure' for each one (to securize) HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure" } }
Blue_whaleDario thank you ,
what do you mean by unsafe communication ?