Forum Discussion
hooleylist
Apr 13, 2010Cirrostratus
Hi Mark,
A few suggestions/notes:
It seems like a bug if you're setting the secure option on a cookie and then finding a cookie named HttpOnly. I'd suggest opening a case with F5 Support to have them confirm and document this issue.
HTTP_RESPONSE fires before the request is sent to ASM. So you'll need to use a "creative workaround" if you want to use an iRule to inspect and/or modify the response after ASM handles it. The workaround is described in SOL9388:
SOL9388: Using an iRule to parse post-ASM responses
https://support.f5.com/kb/en-us/solutions/public/9000/300/sol9388.html
I've had several customers balk at doing this because of the added complexity of the configuration. I'd suggest opening a case with F5 Support and ask them to add this functionality to the product without resorting to creating a second VS. If you do so and get a Change Request number, could you reply back with it so others can reference it?
Thanks, Aaron