How to force Secure and HttpOnly cookie options for a specific cookie by using rewrite policy

Article ID: CTX338590

Description

This article describes how to force the Secure and HttpOnly cookie options for a specific cookie. To force the Secure and HttpOnly cookie options for all the cookies of a website, refer to the product documentation: https://docs.citrix.com/en-us/citrix-adc/current-release/getting-started-with-citrix-adc/load-balancing/force-secure-and-httponly-cookie-options.html


Instructions

The following example shows how to add the Secure cookie option to the cookie "is_cisco_platform=0" in the response.

  • These are the original cookie options for the cookie "is_cisco_platform=0":


Set-Cookie: is_cisco_platform=0; expires=Sat, 14-Jan-2023 01:58:44 GMT; Max-Age=31104000; path=/; HttpOnly; SameSite=Lax

  • This is the related configuration:


add rewrite action rewrite_specific_cookie replace_all HTTP.RES.FULL_HEADER "\"is_cisco_platform\"+HTTP.RES.FULL_HEADER.AFTER_REGEX(re!is_cisco_platform!).BEFORE_REGEX(re!path!) +\"path=/; HttpOnly; Secure; SameSite=Lax\"" -search "regex(re!(?i)is_cisco_platform.*SameSite=Lax!)"

add rewrite policy pol_cookie_Secure true rewrite_specific_cookie

  • Test Result:
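
An added example, not part of the Citrix article: a Python model of the rewrite action above, plus a check that reports which of Secure and HttpOnly a named cookie is missing in a response header. The names `model_rewrite` and `missing_flags` are hypothetical, the header block is constructed around the article's Set-Cookie line, and the model only approximates the expression semantics (it assumes `.` does not cross line breaks).

```python
import re

# Constructed response header; the first Set-Cookie line is the article's example.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: is_cisco_platform=0; expires=Sat, 14-Jan-2023 01:58:44 GMT; "
    "Max-Age=31104000; path=/; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: other=1; path=/\r\n"
    "\r\n"
)

# The -search pattern. Assumption: "." stops at a line break, as in Python and default PCRE.
SEARCH = re.compile(r"(?i)is_cisco_platform.*SameSite=Lax")
TAIL = "path=/; HttpOnly; Secure; SameSite=Lax"


def model_rewrite(full_header):
    """Approximate the replace_all action on the full response header."""
    # AFTER_REGEX(is_cisco_platform).BEFORE_REGEX(path): text between the first
    # cookie name and the first "path" that follows it.
    _, found, rest = full_header.partition("is_cisco_platform")
    middle, has_path, _ = rest.partition("path")
    if not (found and has_path):
        return full_header  # this model leaves such headers untouched
    return SEARCH.sub(lambda m: "is_cisco_platform" + middle + TAIL, full_header)


def missing_flags(full_header, name, required=("secure", "httponly")):
    """List required attributes absent from the named cookie; None if it is not set."""
    for line in full_header.split("\r\n"):
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        if parts[0].partition("=")[0] != name:
            continue
        attrs = {p.partition("=")[0].lower() for p in parts[1:]}
        return [flag for flag in required if flag not in attrs]
    return None


if __name__ == "__main__":
    print("before:", missing_flags(SAMPLE, "is_cisco_platform"))
    print("after: ", missing_flags(model_rewrite(SAMPLE), "is_cisco_platform"))
```

In this model, a Set-Cookie line for the same cookie that does not end its attributes with SameSite=Lax is not matched by the search pattern, so the check still reports Secure as missing for it.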


Additional Information

https://docs.citrix.com/en-us/citrix-adc/current-release/getting-started-with-citrix-adc/load-balancing/force-secure-and-httponly-cookie-options.html