Forum Discussion

Nimbostratus

Jun 20, 2013

LTM 11.1.0 Cookie httponly flag TCL errors

All, Have deploy cookie httponly flag for PCI compliance. New irule takes down the website when applied. I am running http classes and i had to do httpclass disable for other irules. Has anyo...

Cirrostratus

Jun 21, 2013

Hey Bryce,

Sorry for the slow reply on this. I got sidetracked. Because HttpOnly can only be set for cookies with version 1 or 2 and the default version is 0, this is probably the cause of the problem. Can you set the version to 1 first:


 Set HttpOnly on all LTM and app generated cookies
when HTTP_RESPONSE {
   set cookieNames [HTTP::cookie names]
   foreach aCookie $cookieNames {
      HTTP::cookie version $aCookie 1
      HTTP::cookie httponly $aCookie enable
   }
}

 Or just for one statically defined cookie:
when HTTP_RESPONSE {
   HTTP::cookie version myCookie 1
   HTTP::cookie httponly myCookie enable
}

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

LTM 11.1.0 Cookie httponly flag TCL errors

Recent Discussions

3rd party SFP

Custom Attack Signature for Accept Header

Upgrade to 'BIGIP-15.1.0.5-0.0.8 (Could not access configuration source; sda, 1)

how does gtm/dns monitor wild-ip pool members?

why the device certificate verify failed when the device certificate is not expired?

Related Content

How to add Httponly and Secure attributes to HTTP cookies (for 11.5.x)

Cookie-based DDoS protection

8. SYN Cookie: Troubleshooting tcpdump

set HTTPOnly in cookie

Re: SYN Cookie operation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS