setting the secure bit on

Question

I tired the irule given here  but my vakuse keep comming back disabled 
&nbsp;  
&nbsp;  
&nbsp; when HTTP_RESPONSE {  
&nbsp;    
&nbsp;   
&nbsp;      Loop through each cookie in the response by name  
&nbsp;     foreach a_cookie [HTTP::cookie names] {  
&nbsp;    
&nbsp;        log local0. "$a_cookie=[HTTP::cookie value $a_cookie], secure: [HTTP::cookie secure $a_cookie]"  
&nbsp;    
&nbsp;         Set the secure flag on the cookie.  
&nbsp;          The flag only seems to be set if it's not there already, so no need to check the original state first  
&nbsp;        HTTP::cookie secure $a_cookie enable   
&nbsp;     }  
&nbsp;  }  
&nbsp;  
&nbsp;  
&nbsp; Fri Jan 22 09:23:33 EST 2010 tmm tmm[1628]   Rule setting_secure_flag_to_on HTTP_RESPONSE: JSESSIONID=25C204CE868CB3507E6EA51163E841E6, secure: disable  
&nbsp;  
&nbsp;  
&nbsp; any ideas how to change that disable  respones to enable  
&nbsp;  
&nbsp;  
&nbsp; Thanks  
&nbsp;

hooleylist · Answer

Hi Al, 
&nbsp;  
&nbsp; That rule is logging the fact that the cookie value isn't set before setting it.  Are you sure it's not setting the flag on the JSESSIONID cookie?  It looks like the rule should work as it is. 
&nbsp;  
&nbsp; Thanks, 
&nbsp; Aaron

Forum Discussion

setting the secure bit on

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Using ChatGPT for security and introduction of AI security

ChatGPT and security - This Week in Security Feb 18th to Feb 25th, 2023

Avoiding Common iRules Security Pitfalls

My Security+ Certification Journey

Security as Code eBook from NGINX