Forum Discussion

dgsec_382722
Feb 01, 2019

HTTPOnly and Secure flags - Secure Logon

Hi everybody,

I am not an expert on F5 and am trying to get more knowledge. I would like to add a few security attributes in the HTTP header. I know that we can use an iRule and write something, but in my case it is about the F5 website itself. I have the VPN page, like https://vpn.mysite.com, where I land on the “Secure Logon for F5 Network” page. How can I add the cookie Secure and HTTPOnly flags, plus X-Frame-Options and other security headers, for that page? How can I achieve that, and how/where do I apply it without breaking anything?

Thank you!

1 Reply

  • Cookie and path can be secured. Have you checked whether any cookie value is set up, i.e.

    BIGIPCKIE

    The iRule below can help to solve the issue.

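        when HTTP_RESPONSE {
            # Walk every cookie set in the response
            foreach x [HTTP::cookie names] {
                # Leave the BIGIPCKIE cookie untouched
                if { $x equals "BIGIPCKIE" } {
                    continue
                }
                # Save the cookie's name, value and path before removing it
                set ckname $x
                set ckvalue [HTTP::cookie value $x]
                set ckpath [HTTP::cookie $x path]
                HTTP::cookie remove $x
                # Re-insert it as a version 1 cookie (only name, value and path are carried over)
                HTTP::cookie insert name $ckname value $ckvalue path $ckpath version 1
                # Set the Secure and HttpOnly flags on the re-inserted cookie
                HTTP::cookie secure $ckname enable
                HTTP::cookie httponly $ckname enable
            }
        }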
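
A way to check the result discussed in this thread, as an added example that is not part of the original posts or of any F5 tooling: it audits a response's headers for cookies missing Secure or HttpOnly and for a missing X-Frame-Options header, skipping the cookie the iRule above leaves untouched. The cookie names `SESSIONID` and `LANG`, the `SAMEORIGIN` value and both sample responses are constructed assumptions.

```python
# Added example: audit response headers for the cookie flags and the security
# header discussed in this thread. All sample data below is constructed.
SKIP_COOKIES = {"BIGIPCKIE"}              # cookie the reply's iRule leaves untouched
REQUIRED_HEADERS = ("x-frame-options",)   # header named in the question

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit(headers):
    """headers: list of (name, value) pairs as received. Returns a list of findings."""
    findings = []
    seen = {name.lower() for name, _ in headers}
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if cookie in SKIP_COOKIES:
            continue
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {cookie}: missing {flag}")
    for required in REQUIRED_HEADERS:
        if required not in seen:
            findings.append(f"header missing: {required}")
    return findings

# Constructed sample responses (not captured from a real BIG-IP)
BEFORE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/"),
    ("Set-Cookie", "LANG=en; Path=/; Secure"),
    ("Set-Cookie", "BIGIPCKIE=xyz; Path=/"),
]
AFTER = [
    ("Content-Type", "text/html"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Version=1; Secure; HttpOnly"),
    ("Set-Cookie", "LANG=en; Path=/; Version=1; Secure; HttpOnly"),
    ("Set-Cookie", "BIGIPCKIE=xyz; Path=/"),
]

if __name__ == "__main__":
    for label, resp in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(resp) or "OK")
```
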