Forum Discussion

Nimbostratus

Jun 20, 2013

LTM 11.1.0 Cookie httponly flag TCL errors

All, Have deploy cookie httponly flag for PCI compliance. New irule takes down the website when applied. I am running http classes and i had to do httpclass disable for other irules. Has anyo...

Cirrostratus

Jun 20, 2013

Hey Bryce,

Sorry for the slow reply on this. I got sidetracked. Because HttpOnly can only be set for cookies with version 1 or 2 and the default version is 0, this is probably the cause of the problem. Can you set the version to 1 first:


 Set HttpOnly on all LTM and app generated cookies
when HTTP_RESPONSE {
   set cookieNames [HTTP::cookie names]
   foreach aCookie $cookieNames {
      HTTP::cookie version $aCookie 1
      HTTP::cookie httponly $aCookie enable
   }
}

 Or just for one statically defined cookie:
when HTTP_RESPONSE {
   HTTP::cookie version myCookie 1
   HTTP::cookie httponly myCookie enable
}

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)