Meltdown and Spectre Web Application Risk Management
The recently disclosed groundbreaking vulnerabilities have set a precedent for how massive a security vulnerability can be. In recent years, we have witnessed vulnerabilities that affect major fr...
Updated Jun 23, 2022
Version 2.0
Nir_Zigler_7297
Historic F5 Account
Joined May 12, 2008
Nir_Zigler
Employee
Joined May 12, 2008
Avalanchee
Nov 01, 2018
Nimbostratus
Unfortunately the HTTP::Cookie command doesn't support the SameSite flag. If support was to be added, it would be included in versions past 13.1.0 - which would make it obsolete for the issue at hand (since this feature is included in ASM since 13.1.0).
The best way to have this enabled using an iRule would be to rewrite the Cookie header using string search and replace.
You would have to capture responses from the web server, search for the following header: "Set-Cookie: my_cookie=abcd;" and rewrite it as: "Set-Cookie: my_cookie=abcd; SameSite=Lax"
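
The header rewrite described in the comment above, sketched as an iRule. This is an added example, not part of the original post and not F5's own code. It assumes every Set-Cookie header coming from the server should default to SameSite=Lax unless the application already set a SameSite attribute, and it works on the raw header with HTTP::header because the comment notes that HTTP::cookie has no SameSite support.

```tcl
# Added example: append SameSite=Lax to server cookies on the way out.
# Assumption: Lax is an acceptable default for every cookie on this virtual
# server; cookies that already declare SameSite are left as the app set them.
when HTTP_RESPONSE {
    # A response may carry several Set-Cookie headers; collect all of them.
    set cookies [HTTP::header values "Set-Cookie"]
    if { [llength $cookies] == 0 } { return }

    # Remove the originals so each one can be re-inserted after rewriting.
    HTTP::header remove "Set-Cookie"

    foreach cookie $cookies {
        # Strip trailing whitespace and a dangling ";" (e.g. "my_cookie=abcd;")
        # so the appended attribute does not produce ";;".
        set cookie [string trimright $cookie "; \t"]

        # Inspect only the attributes after the name=value pair, so a cookie
        # whose value happens to contain "samesite" is not skipped by mistake.
        set has_samesite 0
        foreach attr [lrange [split $cookie ";"] 1 end] {
            set name [string tolower [string trim [lindex [split $attr "="] 0]]]
            if { $name eq "samesite" } {
                set has_samesite 1
                break
            }
        }

        if { !$has_samesite } {
            append cookie "; SameSite=Lax"
        }
        HTTP::header insert "Set-Cookie" $cookie
    }
}
```

After attaching the iRule, confirm the result from a client by inspecting the response headers: each Set-Cookie line should end with exactly one SameSite attribute.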