Forum Discussion

GVR_Dinesh_1748
Nov 07, 2018

Configure iRule for CWE ID 352 CWE name Cross-Site Request Forgery (CSRF) vulnerability

How to configure the iRule to fix the vulnerability CWE ID 352, CWE name Cross-Site Request Forgery (CSRF), in F5?

 

The FA_Session cookie is set by the F5 load balancer to route requests to the same app servers from which the response was sent. Can you please set the following attribute on the F5 cookie: "SameSite=strict"?
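
One way to add the requested attribute, as an added example that is not part of the original post and not F5's own code: an iRule that rewrites the `Set-Cookie` header for `FA_Session` as the response leaves the BIG-IP. It assumes `FA_Session` is inserted by the BIG-IP itself, as the post describes, which is why it runs in `HTTP_RESPONSE_RELEASE` rather than `HTTP_RESPONSE`.

```tcl
# Added example (not from the original post). Assumes the cookie name
# FA_Session from the post and that the BIG-IP inserts it.
when HTTP_RESPONSE_RELEASE {
    # This event fires just before the response is sent to the client,
    # so Set-Cookie headers added by the BIG-IP are already present.
    set set_cookies [HTTP::header values "Set-Cookie"]
    if { [llength $set_cookies] == 0 } { return }

    # Rebuild every Set-Cookie header, changing only FA_Session.
    HTTP::header remove "Set-Cookie"
    foreach sc $set_cookies {
        if { $sc starts_with "FA_Session=" } {
            # Drop any existing SameSite attribute so it is not duplicated.
            regsub -all -nocase {;\s*samesite(=[^;]*)?} $sc "" sc
            append sc "; SameSite=Strict"
        }
        # Re-insert the header; other cookies pass through unchanged.
        HTTP::header insert "Set-Cookie" $sc
    }
}
```

SameSite on `FA_Session` only controls when browsers send that persistence cookie; it does not cover the application's own session cookie, so addressing CWE-352 still depends on the application's cookies and anti-CSRF tokens. With `Strict`, requests that arrive through cross-site navigation come without `FA_Session` and may be load-balanced to a different app server.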