question in http::cookie secure

Question

when HTTP_RESPONSE 
&nbsp;{ 
&nbsp;   set myValues [HTTP::cookie names] 
&nbsp;    foreach mycookie $myValues 
&nbsp;   { 
&nbsp;        if {$mycookie == "cjj_INFO"} 
&nbsp;       { 
&nbsp;         Do nothing. 
&nbsp;         } 
&nbsp;       if {$mycookie == "cjj_SESS"}
&nbsp;       { 
&nbsp;          Do nothing. 
&nbsp;        } 
&nbsp;        else { 
&nbsp;         HTTP::cookie secure $mycookie enable 
&nbsp;               } 
&nbsp;        } 
&nbsp;}&nbsp;&nbsp;
&nbsp;If there is a http response  include cjj_INFO and other cookie like,cjj_test,will they be set secure flag with respect to this irule&nbsp;
&nbsp;Because I don't know if I didn't set action or statement ,what will happen to the traffic?&nbsp;
&nbsp;Can some one help me?&nbsp;
&nbsp;Thanks very much

nitass · Answer

&gt;I didn't set action or statement ,what will happen to the traffic? 
 traffic will be processed normally. 
  
 btw, i adjusted the irule to make it easily readable. anyway, i've not tested it out. pls feel free to revise.

when HTTP_RESPONSE { 
   foreach myCookie [HTTP::cookie names] { 
      if {not ($myCookie equals "cjj_INFO" or $myCookie equals "cjj_SESS")} { 
         HTTP::cookie secure $myCookie enable 
      } 
   } 
}

naladar_65658 · Answer

Hello jucao, 
 The iRule above shows to be a valid iRule when I compile it in the F5 iRule Editor.  (You should get that if you don't already have it... it's awesome).  The iRule above should look at the cookies in the headers and if it cookies are not named cjj_INFO or CJJ_SESS then it will set the secure flag on the response.  Just an FYI according to the documentation if you set the response flag to secure on a cookie that is already secure nothing will happen to the cookie.  It will stay secure and will not be detrimental in any way.
Here is an iRule similar to the one above that might also work:
when HTTP_RESPONSE {
set mycookienames [HTTP::cookie names] 
foreach cookie $mycookienames if !{ $mycookienames contains "cjj_INFO" or "cjj_SESS" } {
HTTP::cookie secure $mycookienames enable 
   }
}

robert_47833 · Answer

oh,thanks nitass ,naladar 
&nbsp; when HTTP_RESPONSE  
&nbsp; {  
&nbsp;    set myValues [HTTP::cookie names]  
&nbsp;     foreach mycookie $myValues  
&nbsp;    {  
&nbsp;         if {$mycookie == "cjj_INFO"}  
&nbsp;        {  
&nbsp;          Do nothing.  
&nbsp;          }  
&nbsp;        if {$mycookie == "cjj_SESS"} 
&nbsp;        {  
&nbsp;           Do nothing.  
&nbsp;         }  
&nbsp;         else {  
&nbsp;          HTTP::cookie secure $mycookie enable  
&nbsp;                }  
&nbsp;         }  
&nbsp; } 
&nbsp;  
&nbsp;  
&nbsp; my irule has one issue 
&nbsp; the cjj_info will be set a secure flag in the second if statement,right? &nbsp;

nitass · Answer

&gt;the cjj_info will be set a secure flag in the second if statement,right? 
&nbsp; yes, i think so.

hooleylist · Answer

I think it would be simpler to use a switch on the cookie value:

when HTTP_RESPONSE {

foreach mycookie [HTTP::cookie names] {
      switch $mycookie {
         "cjj_INFO" -
         "cjj_SESS" {
             Do nothing.
         }
         default {
            HTTP::cookie secure $mycookie enable
         }
      }
   }
}

Aaron

Forum Discussion

question in http::cookie secure

5 Replies

Recent Discussions

About custome Response Blocking Page

About IPI check ip list

Cookie Violation - Expired TimeStamp.

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

CGNAT with DS-lite and LSN

Related Content

iRule to take cookie from HTTP Response into HTTP Request via table

Using ChatGPT for security and introduction of AI security

Change cookie domain in HTTP::respond

ChatGPT and security - This Week in Security Feb 18th to Feb 25th, 2023

Avoiding Common iRules Security Pitfalls