Forum Discussion

Cirrocumulus

May 30, 2019

Irule - How this Secure Cookie Irule works ?

Can some one explain how this SECURE_COOKIE Irule works . ltm rule SECURE_COOKIE { when HTTP_RESPONSE_RELEASE { set unsafe_cookie_headers [HTTP::header values "Set-Cookie"] HTTP::header...

Noctilucent

May 30, 2019

The iRule adds the tag "Secure" to all "Set-Cookie" headers. This is done to avoid clients to use those cookie in case of being in a unsafe communication.

REF - https://en.wikipedia.org/wiki/Secure_cookie

KR,

Dario.

Dario_Garrido
Noctilucent
May 30, 2019
when HTTP_RESPONSE_RELEASE { # Get all values of Set-Cookie headers set unsafe_cookie_headers [HTTP::header values "Set-Cookie"] # Remove the current unsafe Set-Cookie header HTTP::header remove "Set-Cookie" foreach set_cookie_header $unsafe_cookie_headers { # Insert a new Set-Cookie header with '<value>; Secure' for each one (to securize) HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure" } }
- Blue_whale
  Cirrocumulus
  May 31, 2019
  Dario thank you ,
  
  what do you mean by unsafe communication ?
- Dario_Garrido
  Noctilucent
  May 31, 2019
  The client is not going to use the cookie tagged as "Secure" if the communication is through HTTP (unsecure).
  
  REF - https://en.wikipedia.org/wiki/Secure_cookie
  
  I would appreciate if you rate my answer.
  
  KR,
  Dario.