Do you want to remove the HttpOnly option on every response for every cookie? Which version of LTM are you running?
Here is an example iRule you can use for 9.4+ to remove HttpOnly from every response cookie:
when HTTP_RESPONSE {
Check if there are any Set-Cookie headers
if {[HTTP::header exists "Set-Cookie"]}{
Loop through each Set-Cookie header remove the HttpOnly option
foreach a_set_cookie_value [HTTP::header values "Set-Cookie"] {
log local0. "[IP::client_addr]:[TCP::client_port]: Current Set-Cookie value: [HTTP::header value $a_set_cookie_value], \
updated value [string map -nocase {HttpOnly ""} [HTTP::header value $a_set_cookie_value]]"
HTTP::header replace Set-Cookie [string map -nocase {HttpOnly ""} [HTTP::header value $a_set_cookie_value]]
}
}
}
I haven't tested this, so if you try it and run into issues, check the /var/log/ltm log file for the original and updated Set-Cookie header values. You can also use a browser plugin like LiveHttpHeaders for Firefox or Fiddler for IE to view the headers sent to the client.
If you run into issues, please reply with the log output.
Thanks,
Aaron