Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

  1. Kemp Support
  2. Knowledge Base
  3. Security

Add secure flag to lmdata cookie

Updated

 

Information

 

Summary:

"lmdata" cookie is being flagged by a penetration test as unsecure.  Need to add secure flag to this cookie.
Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any
Question/Problem Description:

How to add secure flag to lmdata cookie.
Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:
  • In the main menu of the LoadMaster Web User Interface (WUI), go to Rules & Checking > Content Rules.
  • Click Create New.

create new.png

  • Enter a name for the rule.
  • Select Replace Header as the Rule Type.
  • Enter set-cookie in the Header Field.
  • Enter /(lmdata.*?);?$/ in the Match String text box.
  • Enter \1; secure; httponly in the Value of Header Field to be replaced text box.
  • If in case httponly is already in the response, then remove it from the content rule:  \1; secure
  • This will only match on the cookie beginning with lmdata. 

lmdata rule.png

Once the rule has been created, it will then need to be applied to the appropriate Virtual Service.  To apply it:
 
  • In the main menu, go to Virtual Services > View/Modify Services.
  • Click Modify on the relevant Virtual Service.
  • Expand the Advanced Properties section.
  • Click Show Header Rules.

advanced properties.png

  • Under Response Rules select the rule created above from the drop-down list and click Add.

add rule.png
Workaround:  
Notes:  
Was this article helpful?
0 out of 0 found this helpful

Comments

In this document