gavin84_31753
Dec 07, 2012

Secure and HTTP attribute setting on BIGIP cookie in Persistence Profile

So I'm in need of an iRule to set the HttpOnly and Secure flags on the cookie that we are using in our cookie persistence profile, call it BIGIP. I did some research and found this one on DevCentral; however, it broke some other cookie domains. I really just need to have only 1 cookie configured for secure/httponly.

 

 

    when HTTP_RESPONSE {
        # Loop over every cookie in the response, not only the persistence cookie
        set myValues [HTTP::cookie names]
        foreach mycookies $myValues {
            if { [HTTP::cookie expires $mycookies] eq "" } {
                # Session cookie (no Expires): re-insert it as version 1 so the flags can be set.
                # Only the value and path are carried over to the new cookie.
                set mypath [HTTP::cookie path $mycookies]
                set myvalue [HTTP::cookie $mycookies]
                HTTP::cookie remove $mycookies
                HTTP::cookie insert name $mycookies value $myvalue version 1
                HTTP::cookie httponly $mycookies enable
                HTTP::cookie secure $mycookies enable
                if { $mypath ne "" } { HTTP::cookie path $mycookies $mypath }
            } else { HTTP::cookie secure $mycookies enable }
        }
    }

What can I do here? Any help would be appreciated.

Thanks,

Gavin

3 Replies

  • Taking inspiration from the following thread (https://devcentral.f5.com/community/group/aft/1178831/asg/52), here's a simple iRule that should get you in the right direction.

    
    when RULE_INIT {
        set static::DEBUG 1
    }
    when SERVER_CONNECTED {
        # Save the name of the currently connected pool (remove "/Common/" for v11 systems)
        set pool_name [findstr [LB::server pool] "/Common/" 8]
        if { $static::DEBUG } { log local0. "pool = $pool_name" }
    }
    when HTTP_RESPONSE {
        # Check if the response contains the persistence cookie
        if { [HTTP::cookie BIGipServer${pool_name}] ne "" }{
            if { $static::DEBUG } { log local0. "BIGIP cookie exists: [HTTP::cookie BIGipServer${pool_name}]" }
            # Replace the last Set-Cookie header value with the same value with HttpOnly and secure appended
            HTTP::header replace Set-Cookie "[HTTP::header Set-Cookie]; httponly; secure"
        }
    }
    

  • In v11.0 you can use 'HTTP::cookie httponly $cookie_name enable' to set this flag:

    https://devcentral.f5.com/wiki/iRules.http__cookie.ashx

    
    when HTTP_RESPONSE {
        # Check if the response contains the persistence cookie
        if { [HTTP::cookie BIGipServerMy_Http_Pool] ne "" } {
            # Set the httponly flag on the persistence cookie if it is in the response
            HTTP::cookie httponly BIGipServerMy_Http_Pool enable
        }
    }
    

    Aaron
  • It is not working, as the bigip cookie is version 0 and you get a version error. When you try to set the version on the bigip persistence cookie, you get an illegal attribute error.
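
An added example, not written by any poster in this thread: an iRule that avoids the cookie-version error described in the last reply by treating the Set-Cookie headers as plain text and changing only the persistence cookie. It assumes the default BIGipServer cookie-name prefix and, like the replies above, that the persistence cookie is already in the response when HTTP_RESPONSE fires.

```tcl
when HTTP_RESPONSE {
    # Assumption: default persistence cookie name, BIGipServer<pool name>.
    # Compared in lower case below.
    set prefix "bigipserver"

    # Copy every Set-Cookie header value, then remove them all so each one
    # can be re-inserted either unchanged or with the flags appended.
    set cookies [HTTP::header values "Set-Cookie"]
    if { [llength $cookies] == 0 } { return }
    HTTP::header remove "Set-Cookie"

    foreach c $cookies {
        # The cookie name is everything before the first "=".
        set name [string tolower [string trim [lindex [split $c "="] 0]]]

        if { [string match "${prefix}*" $name] } {
            # Inspect the attributes that follow "name=value" so a flag
            # that is already present is not added a second time.
            set has_secure 0
            set has_httponly 0
            foreach attr [lrange [split $c ";"] 1 end] {
                switch -- [string tolower [string trim $attr]] {
                    "secure"   { set has_secure 1 }
                    "httponly" { set has_httponly 1 }
                }
            }
            if { !$has_httponly } { append c "; HttpOnly" }
            if { !$has_secure }   { append c "; Secure" }
        }

        # All other cookies go back exactly as the server sent them,
        # with their Domain and Path attributes intact.
        HTTP::header insert "Set-Cookie" $c
    }
}
```

Attach this only to virtual servers that clients reach over HTTPS: once Secure is set, a browser will not return the cookie over plain HTTP and persistence for those requests is lost.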