Set and proove the secure attribute in a cookie

Question

Hello, 
&nbsp;  
&nbsp;  following szenario: 
&nbsp;  
&nbsp; Internet - HTTPS - BigIP-ASM - HTTP - Webserver 
&nbsp;  
&nbsp; The BigIP should terminate the SSL traffic and should send it via plain HTTP to the webserver. Should be no problem. 
&nbsp;  
&nbsp; The webserver generates plain text cookies, the BigIP should transfer them via SSL and should also set the secure attribute.  
&nbsp;  
&nbsp; Is this possible with the BigIP or is there an other way to solve this? 
&nbsp;  
&nbsp; thx and have a nice day 
&nbsp;  
&nbsp; mIke

hoolio · Answer

Hi Mike, 
&nbsp;  
&nbsp; There isn't such functionality in ASM.  You could write an iRule which sets the Secure attribute on the cookie.  You'd use the HTTP::cookie secure' (Click here) command in the HTTP_RESPONSE event.  If you want help with this you could post in the iRule forum (Click here). 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Set and proove the secure attribute in a cookie

Recent Discussions

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

BIG-IP Edge Endpoint Inspection Failure pre-VPN

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

AppWorld 2025 Security Insights - ADC 3.0, AI Security, and more

Securing Model Serving in Red Hat OpenShift AI (on ROSA) with F5 Distributed Cloud API Security

F5 AI Gateway - Secure, Deliver and Optimize GenAI Apps

HTTP Multipart and Security Implications

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS