SameSite cookies, together with the HttpOnly and Secure cookie flags, protect your website from XSS attacks. If your website’s response headers do not carry these flags, attackers may be able to steal its cookies and hijack user sessions. In this article we look at how to set SameSite cookies in the Apache web server.
How to Set SameSite Cookies in Apache Web Server
Setting SameSite cookies on an Apache web server takes only a few steps.
1. Open the Apache configuration file
Open a terminal and run the following command to open the Apache configuration file.
$ sudo vi /etc/httpd/conf/httpd.conf
Depending on your installation, the file may instead be at one of the following locations.
/etc/apache2/httpd.conf
/etc/apache2/apache2.conf
/etc/httpd/httpd.conf
2. Enable SameSite cookies
Add the line matching your Apache version to the configuration file. It appends the HttpOnly, Secure and SameSite=Strict attributes to every Set-Cookie header in the response; the Header directive requires mod_headers to be enabled.
Apache >= 2.2.4
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Strict
Apache < 2.2.4
Header set Set-Cookie HttpOnly;Secure;SameSite=Strict
Note that Header set replaces the whole Set-Cookie value rather than appending to it, so on these old versions confirm that your application’s cookies still reach the browser.
Save and close the file.
3. Restart the Apache web server
Restart the Apache web server to apply the changes. On RHEL/CentOS-style installations the service is named httpd rather than apache2.
$ sudo service apache2 restart
4. Test SameSite cookies
Use an online HTTP header checker, or run curl -sI against your site, and confirm that each Set-Cookie header in the response now carries HttpOnly, Secure and SameSite=Strict.
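The check in step 4 can also be scripted. The following Python script is an added example (not from the original article): it parses each Set-Cookie header value, reports which of HttpOnly, Secure and SameSite are missing, and flags the SameSite=None-without-Secure combination that browsers reject. The sample headers are constructed; fetch_set_cookie_headers() uses only the standard library urllib to collect real ones from a URL you supply.

```python
# Added example: audit Set-Cookie headers for HttpOnly, Secure and SameSite.
import urllib.request

REQUIRED = ("HttpOnly", "Secure")
ALLOWED_SAMESITE = {"strict", "lax", "none"}

def audit_set_cookie(header_value: str) -> dict:
    """Return name, missing attributes and SameSite value for one Set-Cookie."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0] if parts else ""
    # Attribute names are case-insensitive, so normalise them before checking.
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    missing = [flag for flag in REQUIRED if flag.lower() not in attrs]
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ALLOWED_SAMESITE:
        missing.append("SameSite")
    # Browsers reject SameSite=None unless the cookie is also marked Secure.
    if samesite == "none" and "secure" not in attrs:
        missing.append("SameSite=None requires Secure")
    return {"name": name, "missing": missing, "samesite": samesite}

def audit_headers(set_cookie_values):
    """Audit every Set-Cookie value and return only the cookies with problems."""
    results = (audit_set_cookie(v) for v in set_cookie_values)
    return [r for r in results if r["missing"]]

def fetch_set_cookie_headers(url: str):
    """Collect all Set-Cookie headers from a live response (needs network access)."""
    with urllib.request.urlopen(url) as resp:
        return resp.headers.get_all("Set-Cookie") or []

# Constructed samples: one as rewritten by the Header edit rule above, one that
# never got the flags, and one with SameSite=None but no Secure attribute.
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; Path=/;HttpOnly;Secure;SameSite=Strict",
    "tracking=xyz; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
    "pref=dark; Path=/; SameSite=None",
]

if __name__ == "__main__":
    for problem in audit_headers(SAMPLE_HEADERS):
        print(f"{problem['name']}: missing {', '.join(problem['missing'])}")
```

To audit a live site, call audit_headers(fetch_set_cookie_headers("https://your-site.example/")) and expect an empty list once the Apache rule is in place.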
With these directives in place, every Set-Cookie header your site sends carries the HttpOnly, Secure and SameSite attributes, protecting your website from XSS attacks.