For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Steve_Knapp's avatar
Steve_Knapp
Icon for Altostratus rankAltostratus
Mar 08, 2016

SOL13787: Configuring the 'secure' and 'HttpOnly' attributes for BIG-IP ASM cookies

The solution article "SOL13787: Configuring the 'secure' and 'HttpOnly' attributes for BIG-IP ASM cookies" gives instructions for enabling/disabling the secure and HttpOnly ASM cookie attributes. ...
ASM Advanced WAF
cookies
security
gowenfawr's avatar
gowenfawr
Icon for Nimbostratus rankNimbostratus
Mar 08, 2016

Once the attributes have been set via the command line, you can view them via the web UI. SOL13291 (unrelated except that it also describes setting with add_del_internal) describes this:

 

Modifying internal parameters from the Configuration utility

 

Once you have added these internal parameters from the command line using the previous steps, you may further modify the parameters from the Configuration utility by performing the following steps:

 

  1. Log in to the Configuration utility.
  2. Navigate to the following page:

BIG-IP ASM 11.3.0 and later

 

Security > Options > Application Security > Advanced Configuration > System Variables

 

BIG-IP ASM 10.2.2 through 11.2.1

 

Application Security > Options > Advance Configuration > System Variables

 

3.. In the Parameter Value box, enter the value you want for any of the three internal parameters that you added while performing the Initial configuration of internal parameters from the command line procedure.

 

To be clear, the values from SOL13787 won't show up until you've added them at the command line, so this is a method that you can tell whether they've been set at the command line, and you can verify what they've been set to as well.