For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

PiotrL's avatar
PiotrL
Icon for Cirrus rankCirrus
Oct 03, 2019

ASM cookie, modifying "domain" field

Is it possible to modify "domain" field in the ASM cookie ? As it appears ASM is using a hostname from http header, unfortunately the host is replaced to an internal hostname (required by an app) i...
ASM Advanced WAF
asm ts cookie
cookie
Andrew-F5's avatar
Andrew-F5
Icon for Employee rankEmployee
Nov 06, 2019

Unfortunately this isn't a configurable option yet within ASM but it is a feature that has been requested.

You would have to modify the cookie via iRule to get the result you want.

== Sample iRule ==

when RULE_INIT {
  # Cookie name prefix
  set static::ck_pattern "TS*"
 
  # Log debug to /var/log/ltm? 1=yes, 0=no
  set static::ck_debug 1
}
 
when HTTP_REQUEST {
  set incoming_domain [HTTP::host]
  if {$static::ck_debug}{log local0. "incoming domain name: [HTTP::host]"}
}
 
when HTTP_RESPONSE_RELEASE {
  if {$static::ck_debug}{log local0. "Cookie names: [HTTP::cookie names]"}
  # Check if the cookie names in the response match our string glob pattern
  if {[set cookie_names [lsearch -all -inline [HTTP::cookie names] $static::ck_pattern]] ne ""}{
    # We have at least one match so loop through the cookie(s) by name
    if {$static::ck_debug}{log local0. "Matching cookie names: [HTTP::cookie names]"}
    foreach cookie_name $cookie_names {
      HTTP::cookie attribute $cookie_name remove domain
      HTTP::cookie attribute $cookie_name insert " Domain" ".$incoming_domain"
    }
  }
  if {$static::ck_debug}{log local0. "Cookie header(s): [HTTP::header values Set-Cookie]"}
}
  • Sanket-9968's avatar
    Sanket-9968
    Icon for Nimbostratus rankNimbostratus
    May 07, 2024

    Thanks Andrew
    Is the configurable option within ASM is available now? I am using 16.1.4 image and need to modify the domain name set in the ASM cookie.