.. _waf_template_cookie_security:

waf template cookie-security
============================

Protections to secure cookies


cookie-security Specification
-----------------------------

	===================================== ============================================================================
	 **Parameter**                         **Value** 

	===================================== ============================================================================
	 **Type**                              *Configuration Resource*

	 **Element Name**                      cookie-security

	 **Element URI**                       /axapi/v3/waf/template/{name}/cookie-security

	 **Element Attributes**                cookie-security_attributes

	 **Partition Visibility**              shared

	 **Schema**                             :download:`cookie-security schema <waf-template-cookie-security/waf-template-cookie-security.txt>`
	===================================== ============================================================================





	**Operations Allowed:**




.. raw:: html

   <script type="text/javascript">
 function showExample(a,b) { document.getElementById(a+'_div').style.display = 'block'; document.getElementById(a+'_cl').style.display = 'block'; document.getElementById(a+'_eg').style.display = 'none';}
   function closeExample(a,b) { document.getElementById(a+'_div').style.display = 'none'; document.getElementById(a+'_cl').style.display = 'none'; document.getElementById(a+'_eg').style.display = 'block';}
 </script>
   <table width='90%' style='margin-left:5%'>



.. raw:: html

   <tr style='border-bottom: thin solid; border-top: thin solid'><th width=15%>Operation</th><th width=10%>Method</th><th>URI</th><th width=15%>Payload</th><th width=10%></th></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Create Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/cookie-security



.. raw:: html

   </td><td valign = 'top'>


:ref:`3276_cookie-security_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Get Object



.. raw:: html

   </td><td valign = 'top'>


GET



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/cookie-security



.. raw:: html

   </td><td valign = 'top'>


:ref:`3276_cookie-security_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Modify Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/cookie-security



.. raw:: html

   </td><td valign = 'top'>


:ref:`3276_cookie-security_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Replace Object



.. raw:: html

   </td><td valign = 'top'>


PUT



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/cookie-security



.. raw:: html

   </td><td valign = 'top'>


:ref:`3276_cookie-security_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Delete Object



.. raw:: html

   </td><td valign = 'top'>


DELETE



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/waf/template/{name}/cookie-security



.. raw:: html

   </td><td valign = 'top'>


:ref:`3276_cookie-security_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   </table>

.. _3276_cookie-security_attributes:

cookie-security attributes
--------------------------

    **allow-missing-cookie**

        **Description** Allow requests with missing cookies

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **allow-unrecognized-cookie**

        **Description** Allow requests with unrecognized cookies

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **cookie-policy**

        **Type:** List

    **enable-disable-action**

        **Description** 'enable': Enable cookie security (default); 'disable': Disable cookie security; 

        **Type:** string

        **Supported Values:** enable, disable

        **Default:** enable

    **set-cookie-policy**

        **Type:** List

    **tamper-protection-grace-period**

        **Description** Allow unrecognized cookies for a period of time after cookie encryption being applied (default 120 minutes)

        **Type:** number

        **Range:** 0-43200

        **Default:** 120

    **tamper-protection-http-only**

        **Description** Add HttpOnly flag to cookies not in set-cookie-policy list (default on)

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 1

    **tamper-protection-samesite**

        **Description** 'none': none; 'lax': lax; 'strict': strict; 

        **Type:** string

        **Supported Values:** none, lax, strict

        **Default:** none

    **tamper-protection-secret**

        **Description** Cookie encryption secret

        **Type:** string

        **Format:** password

        **Maximum Length:** 128 characters

        **Maximum Length:** 1 characters

    **tamper-protection-secret-encrypted**

        **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

    **tamper-protection-secure**

        **Description** Add Secure flag to cookies not in set-cookie-policy list (default on)

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 1

    **tamper-protection-session-cookie-only**

        **Description** Only encrypt session cookies

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **tamper-protection-sign**

        **Description** Sign cookies

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

        **Mutual Exclusion:** tamper-protection-sign and tamper-protection-encrypt are mutually exclusive

    **uuid**

        **Description** uuid of the object

        **Type:** string

        **Maximum Length:** 64 characters

        **Maximum Length:** 1 characters

.. _3276_set-cookie-policy:

set-cookie-policy
^^^^^^^^^^^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *list*

	 **Block object keys**             

	=============================== ===================================================

    **set-cookie-policy-allow**

        **Description** Allow the cookie

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **set-cookie-policy-disallow**

        **Description** Block the cookie

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **set-cookie-policy-http-only**

        **Description** Add HttpOnly flag to cookie

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **set-cookie-policy-name**

        **Description** Name of cookie

        **Type:** string

        **Format:** string-rlx

        **Maximum Length:** 127 characters

        **Maximum Length:** 1 characters

    **set-cookie-policy-samesite**

        **Description** 'none': none; 'lax': lax; 'strict': strict; 

        **Type:** string

        **Supported Values:** none, lax, strict

    **set-cookie-policy-secret**

        **Description** Cookie encryption secret

        **Type:** string

        **Format:** password

        **Maximum Length:** 128 characters

        **Maximum Length:** 1 characters

    **set-cookie-policy-secret-encrypted**

        **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

    **set-cookie-policy-secure**

        **Description** Add Secure flag to cookie

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **set-cookie-policy-sign**

        **Description** Sign cookies

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

        **Mutual Exclusion:** set-cookie-policy-sign and set-cookie-policy-encrypt are mutually exclusive

.. _3276_cookie-policy:

cookie-policy
^^^^^^^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *list*

	 **Block object keys**             

	=============================== ===================================================

    **cookie-policy-allow**

        **Description** Allow the cookie

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **cookie-policy-disallow**

        **Description** Block the cookie

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **cookie-policy-name**

        **Description** Name of cookie

        **Type:** string

        **Format:** string-rlx

        **Maximum Length:** 127 characters

        **Maximum Length:** 1 characters