Meltdown and Spectre Web Application Risk Management

The recently disclosed groundbreaking vulnerabilities have set a precedent for how massive a security vulnerability can be. In the recent years, we have witnessed vulnerabilities that affect major fr...
Updated Jun 23, 2022
Version 2.0
ASM Advanced WAF
BIG-IP
meltdown
security
spectre
Hoolio's avatar
Hoolio
Ret. Employee
Feb 20, 2020

In BIG-IP v12.0, we added the ability to use "HTTP::cookie attribute" to read/set/delete arbitrary cookie attributes. Here is an example for how to use this command to set the SameSite attribute on BIG-IP and web application cookies:

 

https://devcentral.f5.com/s/articles/iRule-to-set-SameSite-for-compatible-clients-and-remove-it-for-incompatible-clients-LTM-ASM-APM

 

In v11, you can use Avalanchee's suggestion of appending ; samesite=VALUE to Set-Cookie response headers. There's an example of this in the Devcentral iRule toolbox: https://github.com/f5devcentral/irules-toolbox/tree/master/security/http/cookies

 

Aaron