Forum Discussion
Gustavo_Lazarte
Nimbostratus
Oct 16, 2009
remove CFID value from header
Hello,
In a security audit we are trying to remove the Set-Cookie CFID value from the HTTP::response.
here is the header
HTTP/1.1·200·OK(CR)(LF)
Connection:·close(CR)(LF)
Date:·Fri,·16·Oct·2009·14:24:57·GMT(CR)(LF)
Server:·Microsoft-IIS/6.0(CR)(LF)
X-Powered-By:·ASP.NET(CR)(LF)
Set-Cookie:·CFID=132674;expires=Sun,·09-Oct-2039·14:24:57·GMT;path=/(CR)(LF)
Set-Cookie:·CFTOKEN=65675058;expires=Sun,·09-Oct-2039·14:24:57·GMT;path=/(CR)(LF)
Set-Cookie:·JSESSIONID=7430852b76ea78392959;path=/(CR)(LF)
Set-Cookie:·CFTOKEN=;expires=Thu,·16-Oct-2008·14:24:57·GMT;path=/(CR)(LF)
Set-Cookie:·CFID=;expires=Thu,·16-Oct-2008·14:24:57·GMT;path=/(CR)(LF)
Set-Cookie:·SERVERID=webserver09;expires=Fri,·16-Oct-2009·17:24:57·GMT;path=/(CR)(LF)
Set-Cookie:·CFGLOBALS=urltoken%3DCFID%23%3D132674%26CFTOKEN%23%3D65675058%26jsessionid%23%3D7430852b76ea78392959%23lastvisit%3D%7Bts%20%272009%2D10%2D16%2010%3A24%3A57%27%7D%23timecreated%3D%7Bts%20%272009%2D10%2D16%2010%3A24%3A57%27%7D%23hitcount%3D2%23;expires=Sun,·09-Oct-2039·14:24:57·GMT;path=/(CR)(LF)
pragma:·no-cache(CR)(LF)
expires:·Fri,·16·Oct·2009·14:24:57·GMT(CR)(LF)
cache-control:·no-cache,·no-store,·must-revalidate(CR)(LF)
Content-Language:·en-US(CR)(LF)
Content-Type:·text/html;·charset=UTF-8(CR)(LF)
Set-Cookie:·BIGIP=150995210.20480.0000;·path=/(CR)(LF)
Let me know if you have any recommendations
3 Replies
- hoolio
Cirrostratus
You can use HTTP::cookie remove CFID to remove the cookies from the response in the HTTP_RESPONSE event:
when HTTP_RESPONSE {
   # Remove any cookies named CFID
   while {[HTTP::cookie exists "CFID"]} {
      HTTP::cookie remove "CFID"
   }
}
Aaron
- Gustavo_Lazarte
Nimbostratus
Thanks, we did it on the HTTP profile encrypt
- hoolio
Cirrostratus
That would encrypt the value--not remove it. But that is a good idea if you're trying to prevent someone from tampering with the cookie value.
Aaron
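An added check, not part of the original thread and not F5 code: it models the effect of the iRule's removal loop on a constructed copy of the response in the question, then reports any remaining cookie whose URL-decoded value still carries the CFID name or value. The function names and the shortened CFGLOBALS value are assumptions made for this example.

```python
from urllib.parse import unquote

# Constructed sample modelled on the response in the question (CFGLOBALS shortened).
SAMPLE_HEADERS = [
    ("Server", "Microsoft-IIS/6.0"),
    ("Set-Cookie", "CFID=132674;expires=Sun, 09-Oct-2039 14:24:57 GMT;path=/"),
    ("Set-Cookie", "CFTOKEN=65675058;expires=Sun, 09-Oct-2039 14:24:57 GMT;path=/"),
    ("Set-Cookie", "JSESSIONID=7430852b76ea78392959;path=/"),
    ("Set-Cookie", "CFID=;expires=Thu, 16-Oct-2008 14:24:57 GMT;path=/"),
    ("Set-Cookie", "CFGLOBALS=urltoken%3DCFID%23%3D132674%26CFTOKEN%23%3D65675058"
                   "%23hitcount%3D2%23;expires=Sun, 09-Oct-2039 14:24:57 GMT;path=/"),
    ("Content-Type", "text/html; charset=UTF-8"),
]

def cookie_pair(set_cookie_value):
    """Return (name, value) from the leading name=value pair of a Set-Cookie header."""
    first = set_cookie_value.split(";", 1)[0]
    name, _, value = first.partition("=")
    return name.strip(), value.strip()

def remove_cookie(headers, cookie_name):
    """Drop every Set-Cookie header for cookie_name, as the iRule's while loop does."""
    return [(h, v) for h, v in headers
            if not (h.lower() == "set-cookie" and cookie_pair(v)[0] == cookie_name)]

def residual_exposure(original, filtered, cookie_name):
    """Names of cookies left in `filtered` whose URL-decoded value still contains
    cookie_name or a value that cookie carried in `original`."""
    needles = {cookie_name}
    for h, v in original:
        if h.lower() == "set-cookie":
            name, value = cookie_pair(v)
            if name == cookie_name and value:
                needles.add(value)
    leaks = []
    for h, v in filtered:
        if h.lower() == "set-cookie":
            name, value = cookie_pair(v)
            if any(n in unquote(value) for n in needles):
                leaks.append(name)
    return leaks

if __name__ == "__main__":
    after = remove_cookie(SAMPLE_HEADERS, "CFID")
    print("Set-Cookie names left:",
          [cookie_pair(v)[0] for h, v in after if h.lower() == "set-cookie"])
    print("Still exposing CFID:", residual_exposure(SAMPLE_HEADERS, after, "CFID"))
```

On the sample, both CFID headers are gone after removal, but CFGLOBALS is flagged because its decoded value still contains the CFID name and number.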