Forum Discussion

Altostratus

Jul 25, 2017

Exclude specific cookie from set_cookie_header iRule

We currently apply "Secure" and "HttpOnly" via the iRule below. We now need to exclude any cookie that starts with "XSRF-TOKEN" from the "HttpOnly" portion of this iRule. Any help in syntax would b...

Nacreous

Jul 25, 2017

Try this... HTTP::cookie secure should return "enable" if it's been set according to the Wiki but I've not tested the output myself

https://devcentral.f5.com/Wiki/iRules.HTTP__cookie.ashx

 when HTTP_RESPONSE { 
  set unsafe_cookie_headers [HTTP::header values "Set-Cookie"] 

  if { not ([string tolower [HTTP::cookie value]] starts_with "XSRF-TOKEN") && ([HTTP::cookie secure] eq "enable" )} {
    HTTP::header remove "Set-Cookie" 
      foreach set_cookie_header $unsafe_cookie_headers { 
        HTTP::header insert "Set-Cookie" "${set_cookie_header}; Secure; HttpOnly" 
    } else {
        return       
      }
    }
  }

Forum Discussion

Exclude specific cookie from set_cookie_header iRule

Recent Discussions

Wildcard SSL Certificate Deployment on F5 LTM

URL

Big-IP Next 20.2.0-2.375.1+0.0.43 iRule count problem

Problems connecting to vpn after upgrading to ubuntu 24.04

iRule resulting in too many redirects

Related Content

iRule exclude URI

Disabling Specific Weak Cipher Suites

find specific SNMP OID

exclude an fqdn from resolving in f5apm

Load balancing method specific decision