HTTP::cookie and setting flags

Jon_Gilyeat_149
Nimbostratus

I'm struggling with writing some iRule logic which sets the httponly and secure flags on only the bigipserver cookies inserted by the F5 when using cookie session persistence, while not affecting any server or application inserted cookies. So far, I've had to resolve myself to creating a different iRule for each VIP for which I need to perform this action, and specifying the bigip server cookie for that VIP, e.g.:

when HTTP_RESPONSE {
  if { [HTTP::cookie BIGipServerFoo] ne "" } {
    set ck_value [HTTP::cookie value BIGipServerFoo]
    set ck_path [HTTP::cookie path BIGipServerFoo]
    HTTP::cookie remove BIGipServerFoo
    HTTP::cookie insert name BIGipServerFoo value $ck_value path $ck_path version 1
    HTTP::cookie httponly BIGipServerFoo enable
    HTTP::cookie secure BIGipServerFoo enable
  }
}

BigIP server cookie flags are set appropriately, application cookies are left alone, everyone is happy, apps don't break. Surely there must be some way to do this without manually picking out the cookies I want changed.

3 REPLIES

Jon_Gilyeat_149
Nimbostratus

Tried this and it doesn't really work either:

when HTTP_RESPONSE {
  if { [HTTP::cookie starts_with "BIGipServer"] } {
    set ck_names [HTTP::cookie names]
    foreach aCookie $ck_names {
      HTTP::cookie remove $aCookie
      HTTP::cookie insert name $aCookie value $aCookie path / version 1
      HTTP::cookie httponly $aCookie enable
    }
  }
}

cjunior
Nacreous

when HTTP_RESPONSE {
    set ck_names [HTTP::cookie names]
    foreach ck_name $ck_names {
        if { [string tolower $ck_name] starts_with "bigipserver" } {
            set ck_value [HTTP::cookie value $ck_name]
            set ck_path [HTTP::cookie path $ck_name]

            HTTP::cookie remove $ck_name
            HTTP::cookie insert name $ck_name value $ck_value path $ck_path version 1
            HTTP::cookie httponly $ck_name enable
        }
    }
}

Jon_43169
Nimbostratus

We have an ASM module, but we've not deployed it yet.

After spending some time beating on it a bit more, I've managed to sort it out:

when HTTP_RESPONSE {
   set ck [HTTP::header values "Set-Cookie"]
   foreach acookie $ck {
      if {$acookie starts_with "BIGipServer"} {
         HTTP::header replace "Set-Cookie" "${acookie}; HttpOnly"
      }
   }
}