For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JasonB_124480's avatar
JasonB_124480
Icon for Nimbostratus rankNimbostratus
Jun 24, 2015

iRule : BIGipServer cookies HttpOnly generating Improper version errors

Hi,   The following iRule is working fine to encrypt and set secure flag. Currently running on 11.2.1 HF13.   When adding HttpOnly flag we are receiving the following errors:   - Improper versi...
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Jul 22, 2015

It turns out, that other cookie related commands fail as well, as long as the cookie sent by the server does not have any additional attributes (tested in TMOS v11.5.1HF10.). I tried to add path, domain and comment attributes to a cookie received in the context of HTTP_RESPONSE using the HTTP::cookie commands. It always failed, as long as it was consisting of the name=value pair only. As soon as the server adds at least a single attribute, modifications can be applied.

 

Whenever the operation is successful, the new attribute=value pair will be inserted at the beginning of the additional attributes list. And if there is no attribute yet, the algorithm cannot put the new attribute in front of it ...

 

Thanks, Stephan