Forum Discussion
4 Replies
- PeteWhiteEmployee
- dw_888_212625Nimbostratus
if we are using ASM with LTM, we noticed there is a cookie called TSxxx, we had an irule in place for httponly and secureflag, but not sure why is it not working for the TSxxx cookie. Below is the irule, kindly advise.
when HTTP_RESPONSE { set var [HTTP::header values "Set-Cookie"] HTTP::header remove "Set-Cookie" foreach tcookie $var { HTTP::header insert "Set-Cookie" "${tcookie}; HttpOnly; Secure " } }
- dw_888_212625Nimbostratus
Please advise if there is any cases or incidents that the ASM TS cookies had been exploited before and the likelihood of being exploit?
- PeteWhiteEmployee
I haven't seen it being exploited - it is specifically designed to prevent cookie exploits and maintain form integrity. It is encrypted and the likelihood of cookie exploitation is very low I would expect.