Forum Discussion

Cirrocumulus

May 30, 2019

Irule - How this Secure Cookie Irule works ?

Can some one explain how this SECURE_COOKIE Irule works . ltm rule SECURE_COOKIE { when HTTP_RESPONSE_RELEASE { set unsafe_cookie_headers [HTTP::header values "Set-Cookie"] HTTP::header...

MVP

when HTTP_RESPONSE_RELEASE {
	# Get all values of Set-Cookie headers
	set unsafe_cookie_headers [HTTP::header values "Set-Cookie"]
	# Remove the current unsafe Set-Cookie header
	HTTP::header remove "Set-Cookie"
	foreach set_cookie_header $unsafe_cookie_headers {
		# Insert a new Set-Cookie header with '<value>; Secure' for each one (to securize)
		HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure"
	}
}

Dario_Garrido

MVP

May 31, 2019

The client is not going to use the cookie tagged as "Secure" if the communication is through HTTP (unsecure).

REF - https://en.wikipedia.org/wiki/Secure_cookie

I would appreciate if you rate my answer.

KR,

Dario.

Forum Discussion

Irule - How this Secure Cookie Irule works ?

Recent Discussions

F5 ASM logging profile to specify source IP

Portal Access to HTTPS resources slow

Cannot login to Avaya wanx using f5 apm network access

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

Cookie Encryption

Cookie

Multiple Cookies/Sessions same endpoint

irule to mark cookies httponly/secure - selectively

Encrypted cookies on strict uri