
Robert_47833
Aug 22, 2012

set HTTPOnly in cookie

How do I set the HttpOnly attribute on a cookie in the HTTP response?
  • nitass_89166's avatar
    Aug 22, 2012
    e.g.

    [root@ve10:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:80
       ip protocol 6
       rules myrule
       profiles {
          http {}
          tcp {}
       }
    }
    [root@ve10:Active] config  b pool foo list
    pool foo {
       members 200.200.200.101:80 {}
    }
    [root@ve10:Active] config  b rule myrule list
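    rule myrule {
       # Appends the HttpOnly attribute to response cookies whose Set-Cookie
       # value starts with "BBB"; every other cookie is passed through unchanged.
       # HttpOnly only stops page scripts from reading the cookie. It does not
       # protect the cookie in transit, so the Secure attribute is a separate
       # decision for sites served over TLS.
       # Newer TMOS releases also provide an HTTP::cookie httponly command;
       # check whether it is available on your version before hand-editing headers.
       when HTTP_RESPONSE {
          # Nothing to rewrite when the server sets no cookies.
          if {![HTTP::header exists "Set-Cookie"]} {
             return
          }

          # Capture all Set-Cookie values first, then drop the headers so they
          # can be re-inserted one by one. Side effect: the Set-Cookie headers
          # end up after the other response headers.
          set ck [HTTP::header values "Set-Cookie"]
          HTTP::header remove "Set-Cookie"

          foreach acookie $ck {
             # "BBB" is a prefix match on the whole header value, so a cookie
             # named BBBx would match as well; use "BBB=" to target one name.
             # The second test avoids emitting "HttpOnly" twice when the server
             # already sets it. It is a plain substring check on the whole
             # value, so a cookie whose value happens to contain "httponly"
             # is also left untouched.
             if {($acookie starts_with "BBB") && !([string tolower $acookie] contains "httponly")} {
                HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly"
             } else {
                HTTP::header insert "Set-Cookie" "$acookie"
             }
          }
       }
    }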
    
     Response directly from the pool member (no cookie carries HttpOnly):
    
    [root@ve10:Active] config  curl -I http://200.200.200.101
    HTTP/1.1 200 OK
    Date: Wed, 22 Aug 2012 08:04:21 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
    ETag: "4183e4-3e-9c564780"
    Accept-Ranges: bytes
    Content-Length: 62
    Set-Cookie: AAA=1111; path=/
    Set-Cookie: BBB=2222; path=/
    Set-Cookie: CCC=1234; path=/
    Content-Type: text/html; charset=UTF-8
    
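     Response via the BIG-IP virtual server (HttpOnly is appended to the BBB cookie only; the Set-Cookie headers now come last because the rule removed and re-inserted them):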
    
    [root@ve10:Active] config  curl -I http://172.28.19.79
    HTTP/1.1 200 OK
    Date: Wed, 22 Aug 2012 08:04:28 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
    ETag: "4183e4-3e-9c564780"
    Accept-Ranges: bytes
    Content-Length: 62
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: AAA=1111; path=/
    Set-Cookie: BBB=2222; path=/; HttpOnly
    Set-Cookie: CCC=1234; path=/