Encrypted cookies on strict uri

Question

Hi, I need to encrypt my cookies on specific uri,I have this irule: when HTTP_RESPONSE {
set myValues [HTTP::cookie names]
&nbsp;
&nbsp;
foreach mycookies $myValues {
if { [HTTP::cookie version $mycookies] != 1 } {
set ckval [HTTP::cookie value $mycookies]
set ckpath [HTTP::cookie path $mycookies]
HTTP::cookie remove $mycookies
HTTP::cookie insert name $mycookies value $ckval path $ckpath version 1
}
HTTP::cookie secure $mycookies enable
HTTP::cookie httponly $mycookies enable
}
}But this iRule encrypt all the cookies.I try that when HTTP_REQUEST{
&nbsp; set orighost [HTTP::host]
&nbsp; set origuri [HTTP::uri]
&nbsp; set uri1 "/sso"
}
&nbsp;
&nbsp;
when HTTP_RESPONSE {
&nbsp; set myValues [HTTP::cookie names]
&nbsp; foreach mycookies $myValues {
if { ([HTTP::cookie version $mycookies] != 1 ) and ($origuri starts_with "$uri1") }&nbsp;
&nbsp; &nbsp; {
&nbsp; &nbsp; &nbsp; set ckval [HTTP::cookie value $mycookies]
&nbsp; &nbsp; &nbsp; set ckpath [HTTP::cookie path $mycookies]
&nbsp; HTTP::cookie remove $mycookies
&nbsp; HTTP::cookie insert name $mycookies value $ckval path $ckpath version 1
&nbsp; &nbsp; }
&nbsp; &nbsp; HTTP::cookie secure $mycookies enable
&nbsp; &nbsp; HTTP::cookie httponly $mycookies enable
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }But doesn't work,Can you help to fix that ?Regards

dario_garrido · Accepted Answer

Hello&nbsp;Technically, you are not encrypting your cookies, you are encrypting your communication tagging your cookies with "secure".REF - https://en.wikipedia.org/wiki/HTTP_cookie#Secure_cookieREF - https://en.wikipedia.org/wiki/HTTP_cookie#HttpOnly_cookie&nbsp;The rest of the code only replaces the cookie version of all of them.HTTP::cookie insert name $mycookies value $ckval path $ckpath version 1Encryption is done by using HTTP::cookie encrypt &lt;name&gt; &lt;pass phrase&gt; ["128" | "192" | "256"]---&nbsp;So, if you need to apply the irule only for queries which has a specific URI, you should do something like this (with the condition containing the whole code).when HTTP_REQUEST{
  set origuri [string tolower [HTTP::uri]]
}
&nbsp;
when HTTP_RESPONSE {
  set myValues [HTTP::cookie names]
  if { $origuri starts_with "uri" } {
    foreach mycookies $myValues {
      if { [HTTP::cookie version $mycookies] != 1 } {
        set ckval [HTTP::cookie value $mycookies]
        set ckpath [HTTP::cookie path $mycookies]
        HTTP::cookie remove $mycookies
        HTTP::cookie insert name $mycookies value $ckval path $ckpath version 1
      }
      HTTP::cookie secure $mycookies enable
      HTTP::cookie httponly $mycookies enable
   }
  }
}You can find the meaning of each HTTP::cookie command herehttps://clouddocs.f5.com/api/irules/HTTP__cookie.html&nbsp;KR,Dario.

jean_mamène · Answer

Hi Dario,&nbsp;Thanks for your answer,The irule on specific URI work.&nbsp;Thanks

dario_garrido · Answer

Great! I'm glad to hear this. You are welcome.&nbsp;I would appreciate if you mark my answer as "the best" or give me some upvote.&nbsp;KR,Dario.

Forum Discussion

Encrypted cookies on strict uri

3 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Encrypting Cookies

Cookie Encryption

Automate Let's Encrypt Certificates on BIG-IP