iRULE to secure F5 cookie

Question

Hi&nbsp;
I added irule below to add secure flag on cookie sent by F5 to client but post implementation JSESSIONID cookie disappeared:&nbsp;
when HTTP_RESPONSE {
    foreach mycookie [HTTP::cookie names] {
    HTTP::cookie secure $mycookie enable
   }
}&nbsp;
Any prompt response would be appreciated.Thanks&nbsp;

karan_dadwal_23 · Answer

Hi

Will this solve :

Rule set 1:
when HTTP_RESPONSE {
    foreach x [HTTP::cookie names] {
        if { $x starts_with "cookiename1" or "cookiename2" } {
            HTTP::cookie secure $x enable
        }
    }
}
====================================================================================

Rule set 2:

when HTTP_RESPONSE {
    foreach x [HTTP::cookie names] {
        if { $x contains "cookiename1" or "cookiename2" } {
            HTTP::cookie secure $x enable
        }
    }
}
I am using cookie persistence and adding cookie name.cookiename1 is used on set of one VIPs and cookiename2 is used on another. I want irule to be able to set secure flag to these cookies only and not any other returned by server or app. Will this irule meet my purpose without altering any other cookie in HTTP response.

Thanks

Forum Discussion

iRULE to secure F5 cookie

1 Reply

Recent Discussions

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

Related Content

Avoiding Common iRules Security Pitfalls

Increased Security With First Party Cookies

Using ChatGPT for security and introduction of AI security

iRule to modify a content-security-policy header

Auditing Security Policy Updates