Forum Discussion

Nimbostratus

Jun 20, 2013

LTM 11.1.0 Cookie httponly flag TCL errors

All, Have deploy cookie httponly flag for PCI compliance. New irule takes down the website when applied. I am running http classes and i had to do httpclass disable for other irules. Has anyo...

Cirrostratus

Jun 21, 2013

Hey Bryce,

Sorry for the slow reply on this. I got sidetracked. Because HttpOnly can only be set for cookies with version 1 or 2 and the default version is 0, this is probably the cause of the problem. Can you set the version to 1 first:


 Set HttpOnly on all LTM and app generated cookies
when HTTP_RESPONSE {
   set cookieNames [HTTP::cookie names]
   foreach aCookie $cookieNames {
      HTTP::cookie version $aCookie 1
      HTTP::cookie httponly $aCookie enable
   }
}

 Or just for one statically defined cookie:
when HTTP_RESPONSE {
   HTTP::cookie version myCookie 1
   HTTP::cookie httponly myCookie enable
}

Aaron

Forum Discussion

LTM 11.1.0 Cookie httponly flag TCL errors

Recent Discussions

Citrix XenServer Big-IP Upgrade help

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

BWC iRule

Can iRule be used to perform exception of IPI category based on Geolocation

help irules for compatibilty

Related Content

Cookie-based DDoS protection

Decoding the IPv4 address from the persistence cookie

Cookie Tampering Protection using F5 Distributed Cloud Platform

8. SYN Cookie: Troubleshooting tcpdump

How to add Httponly and Secure attributes to HTTP cookies (for 11.5.x)