setting the secure bit on

Question

I tired the irule given here  but my vakuse keep comming back disabled 
&nbsp;  
&nbsp;  
&nbsp; when HTTP_RESPONSE {  
&nbsp;    
&nbsp;   
&nbsp;      Loop through each cookie in the response by name  
&nbsp;     foreach a_cookie [HTTP::cookie names] {  
&nbsp;    
&nbsp;        log local0. "$a_cookie=[HTTP::cookie value $a_cookie], secure: [HTTP::cookie secure $a_cookie]"  
&nbsp;    
&nbsp;         Set the secure flag on the cookie.  
&nbsp;          The flag only seems to be set if it's not there already, so no need to check the original state first  
&nbsp;        HTTP::cookie secure $a_cookie enable   
&nbsp;     }  
&nbsp;  }  
&nbsp;  
&nbsp;  
&nbsp; Fri Jan 22 09:23:33 EST 2010 tmm tmm[1628]   Rule setting_secure_flag_to_on HTTP_RESPONSE: JSESSIONID=25C204CE868CB3507E6EA51163E841E6, secure: disable  
&nbsp;  
&nbsp;  
&nbsp; any ideas how to change that disable  respones to enable  
&nbsp;  
&nbsp;  
&nbsp; Thanks  
&nbsp;

hoolio · Answer

Hi Al, 
&nbsp;  
&nbsp; That rule is logging the fact that the cookie value isn't set before setting it.  Are you sure it's not setting the flag on the JSESSIONID cookie?  It looks like the rule should work as it is. 
&nbsp;  
&nbsp; Thanks, 
&nbsp; Aaron

Forum Discussion

setting the secure bit on

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

AppWorld 2025 Security Insights - ADC 3.0, AI Security, and more

Securing Model Serving in Red Hat OpenShift AI (on ROSA) with F5 Distributed Cloud API Security

F5 AI Gateway - Secure, Deliver and Optimize GenAI Apps

HTTP Multipart and Security Implications

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS