I tested the following rule, but it won't work as 'HTTP::header remove Set-Cookie' removes all Set-Cookie headers (not just the current one). 'HTTP::header value Set-Cookie' will only return the last header with that name.
when HTTP_RESPONSE {
Insert some test response Set-Cookie headers
HTTP::header insert Set-Cookie {infoview_userCultureKey=useBrowserLocale; expires=Tue, 29-Aug-2017 01:46:00 GMT; path=/; HttpOnly}
HTTP::header insert Set-Cookie {InfoViewSystemName=; expires=Fri, 29-Aug-2008 13:46:01 GMT; path=/; HttpOnly}
HTTP::header insert Set-Cookie {InfoViewUserName=YQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgA=; expires=Fri, 29-Aug-2008 13:46:01 GMT; path=/; HttpOnly}
HTTP::header insert Set-Cookie {InfoViewAuth=Enterprise; expires=Fri, 29-Aug-2008 13:46:01 GMT; path=/; HttpOnly}
log local0. "Set-Cookie header count: [HTTP::header count "Set-Cookie"]"
Loop through the Set-Cookie headers and save a copy of each value in an array without the HttpOnly option
for {set i 0} {$i < [HTTP::header count "Set-Cookie"]} {incr i}{
log local0. "Current Set-Cookie $i: [HTTP::header value Set-Cookie]"
set set_cookies($i) [string map -nocase {{; HttpOnly} "" HttpOnly ""} [HTTP::header value "Set-Cookie"]]
HTTP::header remove "Set-Cookie"
}
Loop through the array and re-insert the headers
for {set j 0} {$j < [array size set_cookies]} {incr j}{
HTTP::header insert "Set-Cookie" $set_cookies($j)
log local0. "Current Set-Cookie $j: $set_cookies($j)"
}
unset set_cookies
}
Log output:
: Set-Cookie header count: 3
: Current Set-Cookie 0: InfoViewAuth=Enterprise; expires=Fri, 29-Aug-2008 13:46:01 GMT; path=/; HttpOnly
: Current Set-Cookie 0: InfoViewAuth=Enterprise; expires=Fri, 29-Aug-2008 13:46:01 GMT; path=/
If 'HTTP::header remove HEADER_NAME' in 9.1.2 also removes all headers of the same name, I'm not sure there is a way to loop though the Set-Cookie headers and modify them.
You could possibly collect the TCP payload on responses and replace HttpOnly with nothing. It would be a lot of overhead though just to modify the headers.
Aaron