
Want to set sticky secure and httpOnly flag on all cookies coming from Client

Hi,

Our application sets secure and HttpOnly on just the application JSESSION cookie. But we would like to add secure and httpOnly on all HTTP response cookies.

Specifically the following ones: - BIGipServer - TS******

Have looked into several threads but still couldn't get it to work.

Please help.

0

Specifically the following ones: - BIGipServer - TS******

It is an ASM cookie, isn't it? Have you tried the HTTP_RESPONSE_RELEASE event?

HTTP_RESPONSE_RELEASE
https://devcentral.f5.com/wiki/iRules.HTTP-RESPONSE-RELEASE.ashx

0
Comments on this Reply
Comment made 02-Sep-2014 by Moinul Rony 113
Thanks Nitass. Are we able to utilize the HTTP_RESPONSE_RELEASE event to secure ASM TS cookies, or just follow the article Mark mentioned below? It seems that it requires an ASM restart? Any way we can avoid restarting ASM to secure the TS cookie? Cheers.
0
Comment made 02-Sep-2014 by nitass 13357
I never tested it, but I think it may work. It does not need to restart ASM because HTTP_RESPONSE_RELEASE is an LTM event. Anyway, I think sol13787 that Mark mentioned is better, but yes, you have to restart ASM.
0
Comment made 02-Sep-2014 by Moinul Rony 113
So basically

~~~
when HTTP_RESPONSE_RELEASE {
    # Walk every cookie present in the outgoing response
    set myValues [HTTP::cookie names]
    foreach mycookies $myValues {
        log local0. "Cookie Name: $mycookies being secured."
        # Re-insert the cookie as version 1 first if it is not one already
        # (only the value and path are carried over)
        if { [HTTP::cookie version $mycookies] != 1 } {
            set ckval [HTTP::cookie value $mycookies]
            set ckpath [HTTP::cookie path $mycookies]
            HTTP::cookie remove $mycookies
            HTTP::cookie insert name $mycookies value $ckval path $ckpath version 1
        }
        # Set both flags on the cookie
        HTTP::cookie secure $mycookies enable
        HTTP::cookie httponly $mycookies enable
    }
}
~~~

Should work?
0
Comment made 08-Sep-2014 by Moinul Rony 113
Hi, on HTTP_RESPONSE can we match a URI or path so that we can ignore that path and not change the header for that specific URL/path?
0
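For the path question in the comment above, one way to leave responses for a chosen path untouched while still flagging every other cookie. This is an added example, not code from the thread or from F5; the `/healthcheck` prefix and the `skip_cookie_flags` variable are assumptions chosen for illustration, and the version-1 re-insert is carried over from the iRule posted earlier in this thread.

```tcl
when HTTP_REQUEST {
    # Decide per request, while the request path is at hand, whether the
    # matching response should be left alone.
    # "/healthcheck" is a hypothetical excluded prefix; replace with your own.
    set skip_cookie_flags 0
    if { [HTTP::path] starts_with "/healthcheck" } {
        set skip_cookie_flags 1
    }
}

when HTTP_RESPONSE_RELEASE {
    # Excluded path: release the response without touching its cookies.
    if { [info exists skip_cookie_flags] && $skip_cookie_flags } {
        return
    }

    foreach cookie_name [HTTP::cookie names] {
        # Same approach as the iRule in the thread: re-insert as a
        # version 1 cookie before setting HttpOnly. Only the value and
        # path are copied, so other attributes of the original cookie
        # are not preserved by this step.
        if { [HTTP::cookie version $cookie_name] != 1 } {
            set ckval  [HTTP::cookie value $cookie_name]
            set ckpath [HTTP::cookie path $cookie_name]
            HTTP::cookie remove $cookie_name
            HTTP::cookie insert name $cookie_name value $ckval path $ckpath version 1
        }
        HTTP::cookie secure $cookie_name enable
        HTTP::cookie httponly $cookie_name enable
    }
}
```

Comparing the `Set-Cookie` headers for an excluded and a non-excluded path from a test client is a quick way to confirm that only the intended responses are modified.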

For the TS Cookie the following article has details on setting secure and httponly.

http://support.f5.com/kb/en-us/solutions/public/13000/700/sol13787.html

And this post has an iRule showing how to configure the flags for the BIGipServer cookies.

https://devcentral.f5.com/questions/cookie-persistence-secure-and-http-only

0
Comments on this Reply
Comment made 02-Sep-2014 by Moinul Rony 113
Thank you Mark. Yes, I had followed the above articles to secure the BIGipServer cookies, which is working. Now working on securing the TS flags.
0

Fantastic! It just worked. No worries to restart ASM. :)

Thanks Mark and nitass!

0