iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)
A bunch of us have been refining approaches to help customers handle the new browser enforcement of the HTTP cookie SameSite attribute. I think we have a pretty solid approach now to handle compatib...
Published Feb 11, 2020
Version 1.0
Hoolio
Ret. Employee
Joined February 06, 2020
Hoolio
Jan 05, 2021
Ret. Employee
Thanks for your replies and . Could you add this line to the samesite iRule just after the HTTP_RESPONSE_RELEASE line?
Look for this line (line 188 in https://github.com/f5devcentral/irules-toolbox/blob/master/security/http/cookies/samesite-attributes.tcl):
# Run this response event with priority 900 after all other iRules to parse the final cookies from the application and BIG-IP
when HTTP_RESPONSE_RELEASE priority 900 {
And add this return command after it, as listed below:
# Exit this event if another iRule has already sent an HTTP response (F5 article K23237429)
if {[HTTP::has_responded]} {return}
Please test this on a separate non-production virtual server or during a maintenance window in case there are any issues.
Thanks, Aaron