Forum Discussion

Nimbostratus

Jan 03, 2011

iRule to secure All Cookies...

I would like to setup an iRule that secures all cookies that are traverse a specific VIP. I created the below iRule, and assigned it to the only secure VIP we have but it doesn't seem to be working a...

Altostratus

Jan 04, 2011

when HTTP_RESPONSE {
if { [HTTP::cookie exists "ASP.net_SessionID"] } {
HTTP::cookie secure "ASP.net_SessionID" enable 
} 
if { [HTTP::cookie exists ".ADAuthCookie"] } {
HTTP::cookie secure ".ADAuthCookie" enable }
}

The rule does compile so that's a start. See if the functionality works and if it does, I'll clean it up so it's as efficient/pretty as possible. This is simply enables the secure flag on cookies sent from pool members with the two names you mentioned.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule to secure All Cookies...

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Managing iRules configuration

Recommendation for Adv. Lab

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

How to configure ssh access by key on F5OS

F5 BIG-IP DNS/Audit Logs — Structured Format for SIEM Ingestion

Related Content

Increased Security With First Party Cookies

Quarterly Security Notification October 2025

Avoiding Common iRules Security Pitfalls

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

iRule: Securing Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS