For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Pranav_73262's avatar
Pranav_73262
Icon for Nimbostratus rankNimbostratus
Oct 08, 2013

ASM adding unwanted cookie

Hi, we have a VS created in LTM with Default Persistence as universal & following iRule:

when HTTP_REQUEST {
        if { [string tolower [HTTP::path]] starts_with "/abcd" } {
                pool Pool1
        } else {
                  set jsess [URI::query [HTTP::uri] PARAM]
                  if { $jsess != "" } {
                       persist uie $jsess 600
                       pool Pool2
                    }
        }
}

However, we are getting one unwanted cookie in response, so is it possible that above combination will add some unwanted default cookie for response?

application delivery
deployment
devops
iRules
security

28 Replies

  • Michael_Koyfma1's avatar
    Michael_Koyfma1
    Icon for Cirrus rankCirrus
    Oct 08, 2013

    Are you getting an ASM violation with respect to cookie? If so, please advise what is the violation/cookie name that is being complained about. The iRule itself as you posted does not do any cookie manipulation/addition/deletion.

     

    • Pranav_73262's avatar
      Pranav_73262
      Icon for Nimbostratus rankNimbostratus
      Oct 08, 2013
      No violations in ASM. Request is going through. will Default Persistence profile of universal ass any cookie?
    • Pranav_73262's avatar
      Pranav_73262
      Icon for Nimbostratus rankNimbostratus
      Oct 08, 2013
      Also is there any way to troubleshoot this e.g. enabling request logging etc.
  • Michael_Koyfman's avatar
    Michael_Koyfman
    Icon for Cirrocumulus rankCirrocumulus
    Oct 08, 2013

    Are you getting an ASM violation with respect to cookie? If so, please advise what is the violation/cookie name that is being complained about. The iRule itself as you posted does not do any cookie manipulation/addition/deletion.

     

    • Pranav_73262's avatar
      Pranav_73262
      Icon for Nimbostratus rankNimbostratus
      Oct 08, 2013
      No violations in ASM. Request is going through. will Default Persistence profile of universal ass any cookie?
    • Pranav_73262's avatar
      Pranav_73262
      Icon for Nimbostratus rankNimbostratus
      Oct 08, 2013
      Also is there any way to troubleshoot this e.g. enabling request logging etc.
  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Oct 08, 2013
    what is the cookie name? it might be the ASM one, which is there for a reason.
  • Pranav_73262's avatar
    Pranav_73262
    Icon for Nimbostratus rankNimbostratus
    Oct 08, 2013
    It looks like a ASM cookie. ASM Main Cookie, can we disble it in response to client?
  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Oct 08, 2013
    yes that is certainly an ASM cookie, never took the time to find out if you can remove it with an iRule, you could give it a try.
  • Pranav_73262's avatar
    Pranav_73262
    Icon for Nimbostratus rankNimbostratus
    Oct 08, 2013

    Hi

    I am trying following iRule:

        when HTTP_RESPONSE_RELEASE {
set cookies [HTTP::cookie names]
foreach aCookie $cookies {
if {$aCookie starts_with "TS"} {
HTTP::cookie remove $aCookie
        }
    }
}

Is this correct one?