Set and proove the secure attribute in a cookie

Question

Hello, 
&nbsp;  
&nbsp;  following szenario: 
&nbsp;  
&nbsp; Internet - HTTPS - BigIP-ASM - HTTP - Webserver 
&nbsp;  
&nbsp; The BigIP should terminate the SSL traffic and should send it via plain HTTP to the webserver. Should be no problem. 
&nbsp;  
&nbsp; The webserver generates plain text cookies, the BigIP should transfer them via SSL and should also set the secure attribute.  
&nbsp;  
&nbsp; Is this possible with the BigIP or is there an other way to solve this? 
&nbsp;  
&nbsp; thx and have a nice day 
&nbsp;  
&nbsp; mIke

hoolio · Answer

Hi Mike, 
&nbsp;  
&nbsp; There isn't such functionality in ASM.  You could write an iRule which sets the Secure attribute on the cookie.  You'd use the HTTP::cookie secure' (Click here) command in the HTTP_RESPONSE event.  If you want help with this you could post in the iRule forum (Click here). 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Set and proove the secure attribute in a cookie

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Cannot ping external interface

Requirement for BIG-IQ VM Deployment in AWS

How can k8s CIS CRD VirtualServer reference existing APM Access profile?

F5 breaking Exchange authentication

Can't change sync type or failover after tenant upgrade.

Related Content

Quarterly Security Notification October 2025

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

BIG-IP security hardening and compliance checks

Securing MCP Servers with F5 Distributed Cloud WAF

Add SameSite attribute to APM Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS