Forum Discussion

Robert_47833

Altostratus

Aug 22, 2012

set HTTPOnly in cookie

how to set HTTPOnly in cookie when HTTP::response?

Aug 22, 2012

e.g.

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_RESPONSE {
   set ck [HTTP::header values "Set-Cookie"]
   HTTP::header remove "Set-Cookie"

   foreach acookie $ck {
      if {$acookie starts_with "BBB"} {
         HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly"
      } else {
         HTTP::header insert "Set-Cookie" "$acookie"
      }
   }
}
}

 response from server

[root@ve10:Active] config  curl -I http://200.200.200.101
HTTP/1.1 200 OK
Date: Wed, 22 Aug 2012 08:04:21 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Set-Cookie: AAA=1111; path=/
Set-Cookie: BBB=2222; path=/
Set-Cookie: CCC=1234; path=/
Content-Type: text/html; charset=UTF-8

 via bigip

[root@ve10:Active] config  curl -I http://172.28.19.79
HTTP/1.1 200 OK
Date: Wed, 22 Aug 2012 08:04:28 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8
Set-Cookie: AAA=1111; path=/
Set-Cookie: BBB=2222; path=/; HttpOnly
Set-Cookie: CCC=1234; path=/

nitass

Employee

Aug 22, 2012

e.g.

[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_RESPONSE {
   set ck [HTTP::header values "Set-Cookie"]
   HTTP::header remove "Set-Cookie"

   foreach acookie $ck {
      if {$acookie starts_with "BBB"} {
         HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly"
      } else {
         HTTP::header insert "Set-Cookie" "$acookie"
      }
   }

   HTTP::cookie secure "BBB" enable
   HTTP::cookie secure "CCC" enable
   HTTP::cookie secure "XYZ" enable
}
}

[root@ve10:Active] config  curl -I http://172.28.19.79
HTTP/1.1 200 OK
Date: Wed, 22 Aug 2012 10:01:00 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8
Set-Cookie: AAA=1111; path=/
Set-Cookie: BBB=2222;secure; path=/; HttpOnly
Set-Cookie: CCC=1234;secure; path=/

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

set HTTPOnly in cookie

Recent Discussions

Problem with lets encrypt and redirect after update

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

question about getting hsl data to be formatted properly in splunk

iRule for client certificate verification and inserting CN

Related Content

Re: SYN Cookie operation

Re: LTM SYN Cookie Configuration

Secure and HTTPonly cookie

Lightboard Lessons: HTTP Cookie SameSite Attribute

set TOKEN [getfield [HTTP::uri]

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS