Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

ASM TS cookies help - secureonly PER policy or per virtual?

I am trying to make the ASM TS cookies Httponly and Secure HOWEVER I am not confident in setting those to Secure globally from the command line, because not all of my sites are secure. I am assuming that this would then break ASM functionality due to the client not sending the cookie back to the server if not using https.

So is there any way to set Secure on these cookies either per virtual server or per ASM policy. Regular iRules to modify cookies do not seem to modify the TS cookies.

Thanks.

0
Rate this Question
Comments on this Question
Comment made 4 months ago by patonbike 128

Nevermind, the flags only turn on the Secure attribute then the traffic is HTTPS.

https://support.f5.com/csp/article/K13787

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Looks like you have found the answer yourself, inedeed the secure attribute will only apply to HTTPS: https://support.f5.com/csp/article/K13787

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You should change the database value with the following command from CLI. It is a global variable.

f5bigip# /usr/share/ts/bin/add_del_internal add cookie_secure_attr 1

0