NetScaler rewrite policy to force all cookies to be secure and httponly

I recently had a customer who had SSL termination on NetScaler and needed every cookie rewritten to be Secure with HttpOnly set, and it had to work for all kinds of paths.

Citrix has an eDoc for this here, but it didn't quite fit what I needed: the customer's application used many different paths, and I didn't want to write 100 OR statements into the policy.

I came up with the following policy using a more general regexp.

add rewrite action act_cookie_Secure replace_all HTTP.RES.FULL_HEADER "TARGET+\"; Secure; HttpOnly; \"" -search "regex(re!(?i)path=([/a-zA-Z\\-]+)(;?)((Secure|HttpOnly|\\;)*)!)" -bypassSafetyCheck YES
add rewrite policy rw_force_secure_cookie "http.RES.HEADER(\"Set-Cookie\").EXISTS" act_cookie_Secure
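To see what the action does to a response before binding it, here is a Python emulation of its regex and replacement (added here; not part of the original post or a Citrix tool). It assumes replace_all substitutes each match with the expression's value and that the CLI string's doubled backslashes reach PCRE as single ones; the sample header block is constructed. It also exposes three cases worth checking: a cookie with no Path attribute is left untouched, a cookie that already carries one flag gets it twice, and a digit in the path ends the match early so the flags land in the middle of the path.

```python
import re

# The PCRE from the NetScaler action, with the CLI's double escaping undone
# (\\- and \\; in the quoted CLI string reach the regex engine as \- and \;).
COOKIE_PATH_RE = re.compile(r"(?i)path=([/a-zA-Z\-]+)(;?)((Secure|HttpOnly|\;)*)")


def apply_rewrite(full_header: str) -> str:
    """Emulate replace_all over HTTP.RES.FULL_HEADER: every match (TARGET)
    is replaced by itself followed by "; Secure; HttpOnly; "."""
    return COOKIE_PATH_RE.sub(lambda m: m.group(0) + "; Secure; HttpOnly; ", full_header)


def cookies(full_header: str) -> dict[str, dict[str, str]]:
    """Parse each Set-Cookie line into {cookie_name: {attribute_lowercase: value}}."""
    result = {}
    for line in full_header.split("\r\n"):
        if not line.lower().startswith("set-cookie:"):
            continue
        pairs = [p.strip() for p in line.split(":", 1)[1].split(";")]
        name = pairs[0].split("=", 1)[0]
        attrs = {}
        for p in pairs[1:]:
            if p:
                key, _, value = p.partition("=")
                attrs[key.lower()] = value
        result[name] = attrs
    return result


def missing_flags(full_header: str) -> list[str]:
    """Names of cookies that lack Secure or HttpOnly (run it on the rewritten block)."""
    return [name for name, attrs in cookies(full_header).items()
            if "secure" not in attrs or "httponly" not in attrs]


# Constructed sample response header block (not from the original post).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: session=abc123; Path=/app\r\n"      # plain cookie: gets both flags
    "Set-Cookie: pref=dark; path=/; HttpOnly\r\n"     # already HttpOnly: flag is duplicated
    "Set-Cookie: tracker=1\r\n"                       # no Path attribute: regex never fires
    "Set-Cookie: v2=x; Path=/api/v2\r\n"              # digit in path: match stops at "/api/v"
    "Content-Type: text/html\r\n\r\n"
)

if __name__ == "__main__":
    rewritten = apply_rewrite(SAMPLE)
    print(rewritten)
    print("still unprotected:", missing_flags(rewritten))
    print("v2 path after rewrite:", cookies(rewritten)["v2"]["path"])
```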
