Robert_47833
Aug 22, 2012Altostratus
set HTTPOnly in cookie
How do I set the HttpOnly attribute on a cookie when handling the HTTP response?
- Aug 22, 2012e.g.
[root@ve10:Active] config b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config b rule myrule list
rule myrule {
   # Rewrites the Set-Cookie headers of each server response so that the
   # matching cookie is re-issued with the HttpOnly attribute appended.
   when HTTP_RESPONSE {
      # Collect every Set-Cookie value, then drop the headers so they can be
      # re-inserted one at a time below.
      set ck [HTTP::header values "Set-Cookie"]
      HTTP::header remove "Set-Cookie"
      foreach acookie $ck {
         # NOTE(review): starts_with "BBB" is a prefix test on the whole header
         # value, so any cookie whose name merely begins with BBB also matches;
         # comparing against "BBB=" would pin the exact name. Confirm intent.
         # NOTE(review): HttpOnly is appended without checking whether the
         # server already sent it.
         if {$acookie starts_with "BBB"} {
            HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly"
         } else {
            # All other cookies are passed through unchanged.
            HTTP::header insert "Set-Cookie" "$acookie"
         }
      }
   }
}

response from server

[root@ve10:Active] config curl -I http://200.200.200.101
HTTP/1.1 200 OK
Date: Wed, 22 Aug 2012 08:04:21 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Set-Cookie: AAA=1111; path=/
Set-Cookie: BBB=2222; path=/
Set-Cookie: CCC=1234; path=/
Content-Type: text/html; charset=UTF-8

via bigip

[root@ve10:Active] config curl -I http://172.28.19.79
HTTP/1.1 200 OK
Date: Wed, 22 Aug 2012 08:04:28 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8
Set-Cookie: AAA=1111; path=/
Set-Cookie: BBB=2222; path=/; HttpOnly
Set-Cookie: CCC=1234; path=/
nitass
Aug 22, 2012Employee
e.g.
[root@ve10:Active] config b rule myrule list
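rule myrule {
   # Hardens cookies on every server response: cookie BBB is re-issued with
   # HttpOnly, and the Secure attribute is requested for BBB, CCC and XYZ.
   when HTTP_RESPONSE {
      # Collect every Set-Cookie value, then drop the headers so each one can
      # be re-inserted individually (with or without the extra attribute).
      set ck [HTTP::header values "Set-Cookie"]
      HTTP::header remove "Set-Cookie"
      foreach acookie $ck {
         # Match on "BBB=" rather than "BBB": the bare prefix would also hit
         # unrelated cookies whose names merely begin with BBB.
         if {$acookie starts_with "BBB="} {
            HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly"
         } else {
            # Every other cookie is passed through unchanged.
            HTTP::header insert "Set-Cookie" "$acookie"
         }
      }
      # Request the Secure attribute per cookie name. In the sample response
      # on this page only BBB and CCC come back with it; no XYZ cookie is set
      # by the server there.
      # NOTE(review): the test request on this page is plain http://. Browsers
      # do not return Secure cookies over unencrypted connections, so confirm
      # that clients reach this virtual server over HTTPS before relying on it.
      HTTP::cookie secure "BBB" enable
      HTTP::cookie secure "CCC" enable
      HTTP::cookie secure "XYZ" enable
   }
}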
[root@ve10:Active] config curl -I http://172.28.19.79
HTTP/1.1 200 OK
Date: Wed, 22 Aug 2012 10:01:00 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Content-Type: text/html; charset=UTF-8
Set-Cookie: AAA=1111; path=/
Set-Cookie: BBB=2222;secure; path=/; HttpOnly
Set-Cookie: CCC=1234;secure; path=/