setting the secure bit on

Question

I tired the irule given here  but my vakuse keep comming back disabled 
&nbsp;  
&nbsp;  
&nbsp; when HTTP_RESPONSE {  
&nbsp;    
&nbsp;   
&nbsp;      Loop through each cookie in the response by name  
&nbsp;     foreach a_cookie [HTTP::cookie names] {  
&nbsp;    
&nbsp;        log local0. "$a_cookie=[HTTP::cookie value $a_cookie], secure: [HTTP::cookie secure $a_cookie]"  
&nbsp;    
&nbsp;         Set the secure flag on the cookie.  
&nbsp;          The flag only seems to be set if it's not there already, so no need to check the original state first  
&nbsp;        HTTP::cookie secure $a_cookie enable   
&nbsp;     }  
&nbsp;  }  
&nbsp;  
&nbsp;  
&nbsp; Fri Jan 22 09:23:33 EST 2010 tmm tmm[1628]   Rule setting_secure_flag_to_on HTTP_RESPONSE: JSESSIONID=25C204CE868CB3507E6EA51163E841E6, secure: disable  
&nbsp;  
&nbsp;  
&nbsp; any ideas how to change that disable  respones to enable  
&nbsp;  
&nbsp;  
&nbsp; Thanks  
&nbsp;

hoolio · Answer

Hi Al, 
&nbsp;  
&nbsp; That rule is logging the fact that the cookie value isn't set before setting it.  Are you sure it's not setting the flag on the JSESSIONID cookie?  It looks like the rule should work as it is. 
&nbsp;  
&nbsp; Thanks, 
&nbsp; Aaron

Forum Discussion

setting the secure bit on

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Disastser Recovery

F5 breaking Exchange authentication

Dump all host running services during APM logon

External Data Group Import Failing.

Can F5 restrict the file types transferred via FTP?

Related Content

Quarterly Security Notification October 2025

Positive Security vs. Negative Security: A Comparison Using F5's Security Portfolio

BIG-IP security hardening and compliance checks

Securing MCP Servers with F5 Distributed Cloud WAF

What is Shape Security?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS