question

nhshovon avatar image
1 Vote"
nhshovon asked TheyssensKoen-8228 commented

How to mark Azure Application Gateway cookie-based aiffinity as secure and httponly using rewrite

I'm using WAF V2 and enabled cookie-based affinity. But seems like the cookie-based affinity cookies (ApplicationGatewayAffinity, ApplicationGatewayAffinityCORS) are not marked as httponly and secure.

How I can mark those cookies as httponly and secure using Application Gateway Rewrites? Please help.

azure-application-gatewayazure-web-application-firewall
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

ChaitanyaNaykodiMSFT-9638 avatar image
0 Votes"
ChaitanyaNaykodiMSFT-9638 answered TheyssensKoen-8228 commented

Hello @nhshovon, apologies for the delayed response here. Currently setting up httponly and secure flags using Application Gateway Rewrites is not supported. The team is aware of this limitation and has a roadmap to enhance cookie handling experience in future, meanwhile please feel free to upvote this feature request regarding the same.
Currently the secure attribute is set when the request is sent using HTTPS, you can refer to this documentation for any additional details. Please let me know if there are any concerns. Thank you!



· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Is there any other way except Rewrites I can mark those cookies HttpOnly? I'm using HTTPS and found only ApplicationGatewayAffinityCORS is marked as Secure. ApplicationGatewayAffinity is still NOT marked as Secure. Can you please explain why?

Thanks

0 Votes 0 ·

Hello @nhshovon, apologies for the delay I have reached out to the team internally regarding the issue above. I will make an update here as soon as I have a response. Thank you for your patience through out this process.

0 Votes 0 ·

Hi,

I wanted to upvote the feature request, but the page is not found.

regards,

Koen

0 Votes 0 ·