Updated on 2024-04-17 GMT+08:00

Enabling the Cookie Security Attributes

If you set Client Protocol to HTTPS, you can enable Cookie Security Attributes. If you enable this, the HttpOnly and Secure attributes of cookies will be set to true.

Cookies are inserted by back-end web servers, either through framework configuration or directly through the Set-Cookie response header. The Secure and HttpOnly attributes help defend against attacks that steal cookies, such as XSS attacks that read cookies from script, and against cookie hijacking over unencrypted connections.

If the AppScan scanner detects that the customer site does not set security attributes such as HttpOnly and Secure on the cookies returned for a scan request, it records them as security threats.
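The following Python example illustrates the two behaviours described above: rewriting Set-Cookie headers so that HttpOnly and Secure are present (what the Cookie Security Attributes switch does for HTTPS clients), and auditing a response for cookies that lack those attributes (what a scanner such as AppScan reports). It is an added example, not Huawei Cloud WAF's implementation; the function names, the `client_is_https` parameter and the sample response headers are all constructed for illustration.

```python
"""Add and audit cookie security attributes on Set-Cookie headers.

Added example, not WAF's own code. Shows a simple, idempotent rewrite that
appends HttpOnly and Secure to every Set-Cookie header when the client
protocol is HTTPS, and an audit that reports cookies missing them.
"""

REQUIRED_ATTRS = ("HttpOnly", "Secure")


def parse_set_cookie(header_value):
    """Split a Set-Cookie value into its name=value pair and attribute list."""
    parts = [p.strip() for p in header_value.split(";")]
    parts = [p for p in parts if p]          # drop empty segments from stray ';'
    return parts[0], parts[1:]


def has_attribute(attrs, name):
    """Attribute names are case-insensitive per RFC 6265."""
    return any(a.split("=", 1)[0].strip().lower() == name.lower() for a in attrs)


def harden_set_cookie(header_value, client_is_https=True):
    """Return the header with HttpOnly and Secure appended if missing.

    Mirrors the documented behaviour: only applied when the client protocol
    is HTTPS. For plain HTTP the header is returned unchanged, because a
    cookie marked Secure would never be sent back by the browser over HTTP.
    """
    if not client_is_https:
        return header_value
    name_value, attrs = parse_set_cookie(header_value)
    for attr in REQUIRED_ATTRS:
        if not has_attribute(attrs, attr):
            attrs.append(attr)
    return "; ".join([name_value] + attrs)


def harden_response_headers(headers, client_is_https=True):
    """Rewrite every Set-Cookie header in a list of (name, value) tuples."""
    return [
        (name, harden_set_cookie(value, client_is_https))
        if name.lower() == "set-cookie" else (name, value)
        for name, value in headers
    ]


def audit_set_cookie(header_value):
    """Return (cookie_name, [missing attributes]) for one Set-Cookie header."""
    name_value, attrs = parse_set_cookie(header_value)
    cookie_name = name_value.split("=", 1)[0].strip()
    missing = [a for a in REQUIRED_ATTRS if not has_attribute(attrs, a)]
    return cookie_name, missing


def audit_response_headers(headers):
    """Report every cookie in a response that lacks HttpOnly or Secure."""
    findings = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name, missing = audit_set_cookie(value)
        if missing:
            findings.append((cookie_name, missing))
    return findings


# Constructed sample back-end response: one cookie with no security
# attributes, one with only Secure, and one already fully hardened.
SAMPLE_RESPONSE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/; Secure"),
    ("Set-Cookie", "csrf=xyz; Path=/; HttpOnly; Secure; SameSite=Strict"),
]

if __name__ == "__main__":
    print("Before rewrite, scanner findings:")
    for cookie, missing in audit_response_headers(SAMPLE_RESPONSE_HEADERS):
        print(f"  {cookie}: missing {', '.join(missing)}")
    hardened = harden_response_headers(SAMPLE_RESPONSE_HEADERS)
    print("After rewrite:")
    for name, value in hardened:
        print(f"  {name}: {value}")
    print("Findings after rewrite:", audit_response_headers(hardened))
```

The rewrite is idempotent and case-insensitive, so a cookie the back end already marks `httponly; secure` is left untouched, and running the hardened output back through the audit yields no findings.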

Prerequisites

You have selected Dedicated or Cloud - CNAME for Protection when adding the website to WAF.

Constraints

  • This function is not supported in cloud ELB access mode.
  • If the Client Protocol is set to HTTP, the Cookie Security Attributes function is disabled by default and cannot be enabled.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner and choose Web Application Firewall under Security & Compliance.
  4. In the navigation pane on the left, choose Website Settings.
  5. In the Domain Name column, click the website domain name to go to the basic information page.
  6. In the Advanced Settings area, click next to Cookie Security Attributes to enable it.

    Figure 1 Cookie Security Attributes