secure cookies help!!!
I am trying to set up secure cookies for a service that passes through my BIG-IP. I have tried everything, but I cannot do it.
I have tried running an iRule with the basic commands to enable the secure cookie, but I had no success:
HTTP::cookie secure "PHPSESSID" enable ---> this does not work
Then I went a little further, capturing the Set-Cookie header, deleting it and overwriting it with the value of the cookie + "; Secure" + "; HttpOnly":
when HTTP_RESPONSE {
    # Save every Set-Cookie value, then remove the original headers
    set ck [HTTP::header values "Set-Cookie"]
    log local0. "header first instance $ck";
    HTTP::header remove "Set-Cookie"
    foreach acookie $ck {
        if {$acookie starts_with "PHPSESSID"} {
            set stringe [string map {PHPSESSID PHPSESSID HttpOnly ""} $acookie]
            # Re-insert only when the HttpOnly pattern matches; default {} does nothing
            switch -glob $acookie {
                "*; HttpOnly *" -
                "*; HttpOnly *" {
                    HTTP::header insert "Set-Cookie" "$stringe Secure; HttpOnly"
                    set ck2 [HTTP::header values "Set-Cookie"]
                    log local0. "header2 $ck2";
                }
                default {}
            }
        } else {
            set stringes [string map {security security HttpOnly ""} $acookie]
            # Same handling for every other cookie
            switch -glob $acookie {
                "*; HttpOnly *" -
                "*; HttpOnly *" {
                    HTTP::header insert "Set-Cookie" "$stringes Secure; HttpOnly"
                    set ck3 [HTTP::header values "Set-Cookie"]
                    log local0. "headerelse $ck3";
                }
                default {}
            }
        }
    }
}
I can see that the text is added to the header, but when I do this the cookies do not appear in the browser and of course they are not secure.
I've tried many iRules:
https://support.f5.com/csp/article/K11324
https://devcentral.f5.com/s/question/0D51T00006i7Wet/how-to-properly-insert-httponly-and-secure-cookie-directives
https://geekflare.com/f5-irule-to-secure-cookie-with-httponly-and-secure/
I have an observation from the security area saying that I have to secure those cookies, and I don't know how to do it. Since I only have the ASM module, I cannot apply a persistence profile, and I have run out of options.
Has anyone got this working?
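
An added example, not part of the original post and not F5's own code: an iRule that rewrites each Set-Cookie header and re-inserts every cookie, appending Secure and HttpOnly only when the attribute is missing, so no cookie is dropped on the way to the client. It assumes the rule is attached to the virtual server that fronts the application; the variable names are illustrative.

```tcl
when HTTP_RESPONSE {
    # Collect every Set-Cookie value before touching the headers.
    set cookies [HTTP::header values "Set-Cookie"]
    if { [llength $cookies] == 0 } { return }

    # Remove the originals; each one is written back below.
    HTTP::header remove "Set-Cookie"

    foreach cookie $cookies {
        set has_secure 0
        set has_httponly 0

        # Element 0 is name=value; the rest are attributes.
        # Attribute names are compared case-insensitively.
        foreach attr [lrange [split $cookie ";"] 1 end] {
            switch -- [string tolower [string trim $attr]] {
                "secure"   { set has_secure 1 }
                "httponly" { set has_httponly 1 }
            }
        }

        # Drop any trailing "; " so the appended attributes are well formed.
        set cookie [string trimright $cookie "; "]
        if { !$has_secure }   { append cookie "; Secure" }
        if { !$has_httponly } { append cookie "; HttpOnly" }

        # Every cookie is re-inserted, whether or not it was modified.
        HTTP::header insert "Set-Cookie" $cookie
    }
}
```

Browsers only accept and return a cookie marked Secure over HTTPS, so the result should be checked against the HTTPS side of the virtual server.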