For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)

A bunch of us have been refining approaches to help customers handle the new browser enforcement of the HTTP cookie SameSite attribute. I think we have a pretty solid approach now to handle compatib...

Published Feb 11, 2020

Version 1.0

Ret. Employee

Joined February 06, 2020

View Profile

Aaron_Hooley

Ret. Employee

Joined February 06, 2020

View Profile

David_Scott

Employee

Feb 16, 2020

if you're on a version that doesn't support the HTTP::cookie attribute method (v11 mainly) here's a way to add the attribute it. Ideally you'd upgrade to v12+ but if that's not an option it does add the attribute. Obviously change SameSitee=none to

when HTTP_RESPONSE {
	set COOKIE_VAL [HTTP::header values "Set-Cookie"]
	HTTP::header remove "Set-Cookie"
 
	foreach COOKIE_NAME $COOKIE_VAL {
		HTTP::header insert "Set-Cookie" "${COOKIE_NAME}; SameSite=none"
                HTTP::cookie secure ${COOKIE_NAME} enable
	}
}

the above and this could probably be integrated together for older versions until they can upgrade.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS