Set and proove the secure attribute in a cookie

Question

Hello, 
&nbsp;  
&nbsp;  following szenario: 
&nbsp;  
&nbsp; Internet - HTTPS - BigIP-ASM - HTTP - Webserver 
&nbsp;  
&nbsp; The BigIP should terminate the SSL traffic and should send it via plain HTTP to the webserver. Should be no problem. 
&nbsp;  
&nbsp; The webserver generates plain text cookies, the BigIP should transfer them via SSL and should also set the secure attribute.  
&nbsp;  
&nbsp; Is this possible with the BigIP or is there an other way to solve this? 
&nbsp;  
&nbsp; thx and have a nice day 
&nbsp;  
&nbsp; mIke

hooleylist · Answer

Hi Mike, 
&nbsp;  
&nbsp; There isn't such functionality in ASM.  You could write an iRule which sets the Secure attribute on the cookie.  You'd use the HTTP::cookie secure' (Click here) command in the HTTP_RESPONSE event.  If you want help with this you could post in the iRule forum (Click here). 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Set and proove the secure attribute in a cookie

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Using ChatGPT for security and introduction of AI security

Add SameSite attribute to APM Cookies

ChatGPT and security - This Week in Security Feb 18th to Feb 25th, 2023

Avoiding Common iRules Security Pitfalls

My Security+ Certification Journey