How to: Set Enforcer Cookie Settings
WAF generates its own cookies and adds them on top of the application cookies.
These are called Enforcer Cookies.
You can control the attributes within these cookies:
httpOnlyAttribute: Whether or not to add the HttpOnly attribute. Value is either true or false; default is true.
secureAttribute: Whether or not to add the Secure attribute. Value is either always or never; default is always.
sameSiteAttribute: In which mode to add the SameSite attribute. Value is one of none-value, lax, strict or none; default is strict. Use none in order to not add this attribute to the cookie at all.
In this example, we configure enforcementType to be enforce, securedOverHttpsConnection to be true, sameSiteAttribute to be strict and type to be wildcard.
{
    "policy": {
        "name": "cookie_attrs_configured",
        "template": {
            "name": "POLICY_TEMPLATE_RATING_BASED"
        },
        "cookies": [
            {
                "name": "*",
                "accessibleOnlyThroughTheHttpProtocol": true,
                "enforcementType": "enforce",
                "securedOverHttpsConnection": true,
                "sameSiteAttribute": "strict",
                "type": "wildcard"
            }
        ]
    }
}
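The following is an added example, not part of the original page or the vendor's code: a check of the three Enforcer Cookie settings listed above against their documented values and defaults, plus an audit of Set-Cookie header values against the result. The function names and sample headers are constructed, and it assumes that none-value emits SameSite=None while none omits the attribute.

```python
# Added example; function names and sample headers are constructed, not vendor code.
ALLOWED = {
    "httpOnlyAttribute": (True, False),
    "secureAttribute": ("always", "never"),
    "sameSiteAttribute": ("none-value", "lax", "strict", "none"),
}
DEFAULTS = {"httpOnlyAttribute": True, "secureAttribute": "always",
            "sameSiteAttribute": "strict"}
# Assumption: "none-value" emits SameSite=None; "none" omits the attribute.
SAMESITE_ON_WIRE = {"none-value": "none", "lax": "lax", "strict": "strict", "none": None}

def validate_settings(settings):
    """Apply the documented defaults; return (effective, problems)."""
    problems = [f"unknown setting: {k}" for k in settings if k not in ALLOWED]
    eff = {**DEFAULTS, **{k: v for k, v in settings.items() if k in ALLOWED}}
    for key, value in eff.items():
        # Type-strict match so the string "true" or the integer 1 is rejected.
        if not any(type(value) is type(a) and value == a for a in ALLOWED[key]):
            problems.append(f"{key}: invalid value {value!r}")
    if eff["sameSiteAttribute"] == "none-value" and eff["secureAttribute"] == "never":
        problems.append("SameSite=None without Secure: current browsers reject such cookies")
    return eff, problems

def audit_set_cookie(header_value, eff):
    """Compare one Set-Cookie value against validated settings.
    Returns (cookie name, list of attributes that do not match)."""
    parts = [p.strip() for p in header_value.split(";")]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip().lower()
    mismatched = []
    if ("httponly" in attrs) != eff["httpOnlyAttribute"]:
        mismatched.append("HttpOnly")
    if ("secure" in attrs) != (eff["secureAttribute"] == "always"):
        mismatched.append("Secure")
    if attrs.get("samesite") != SAMESITE_ON_WIRE[eff["sameSiteAttribute"]]:
        mismatched.append("SameSite")
    return parts[0].split("=", 1)[0], mismatched

# Constructed sample headers (cookie names and values are made up).
SAMPLES = [
    "TS_example=0123abcd; Path=/; HttpOnly; Secure; SameSite=Strict",
    "TS_example=0123abcd; Path=/; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    eff, problems = validate_settings({})  # empty input: all documented defaults
    print(problems)
    for line in SAMPLES:
        print(audit_set_cookie(line, eff))
```

Call audit_set_cookie only with settings for which validate_settings reported no problems.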