Forum Discussion
Stefan_126426
Nimbostratus
Jan 02, 2013
Confusing ASP.NET session cookie rewriting with HttpOnly flag version 10
Hi Everyone, first post here so a little introduction.
I am a sysadmin/developer for a large insurance company and have just taken ownership of our F5 box. 12 Years IT experience so I can usuall...
nitass
Employee
Jan 03, 2013
Your 1st iRule seems to be working fine in 11.3.0.
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) show sys version
Sys::Version
Main Package
Product BIG-IP
Version 11.3.0
Build 2806.0
Edition Final
Date Tue Nov 13 22:34:00 PST 2012
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.20.14:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        myrule
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vlans-disabled
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
    when HTTP_RESPONSE {
        set myValues [HTTP::cookie names]
        foreach mycookies $myValues {
            set currentValue [HTTP::cookie $mycookies]
            HTTP::cookie remove $mycookies
            HTTP::header insert "Set-Cookie" "$mycookies=$currentValue; HttpOnly; Secure; Path=/;"
        }
    }
}
response from server (not passing bigip)
[root@ve11a:Active:Changes Pending] config curl -I http://200.200.200.101
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 21216
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=d4or5si4ezfo3oiienjmzjug; path=/; HttpOnly
Set-Cookie: testcookie=123456; path=/
Set-Cookie: mycookie=abcdef; path=/; HttpOnly
Date: Wed, 02 Jan 2013 15:26:51 GMT
response from bigip
[root@centos251 ~] curl -I http://172.28.20.14
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 21216
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Wed, 02 Jan 2013 15:26:51 GMT
Set-Cookie: testcookie=123456; HttpOnly; Secure; Path=/;
Set-Cookie: ASP.NET_SessionId=d4or5si4ezfo3oiienjmzjug; HttpOnly; Secure; Path=/;
Set-Cookie: mycookie=abcdef; HttpOnly; Secure; Path=/;
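
To check a rewrite like this from the two curl outputs, the following added example (not part of the original posts) parses the Set-Cookie headers of each response and reports, per cookie, which attributes the iRule added, dropped or changed. The function names are hypothetical; the header lines are copied from the outputs above.

```python
# Added example (not from the thread); header lines copied from the two curl -I outputs in the post.
BACKEND = """\
Set-Cookie: ASP.NET_SessionId=d4or5si4ezfo3oiienjmzjug; path=/; HttpOnly
Set-Cookie: testcookie=123456; path=/
Set-Cookie: mycookie=abcdef; path=/; HttpOnly
"""
VIA_BIGIP = """\
Set-Cookie: testcookie=123456; HttpOnly; Secure; Path=/;
Set-Cookie: ASP.NET_SessionId=d4or5si4ezfo3oiienjmzjug; HttpOnly; Secure; Path=/;
Set-Cookie: mycookie=abcdef; HttpOnly; Secure; Path=/;
"""

def parse_set_cookies(raw):
    """Return {cookie_name: (value, {attribute_lowercase: attribute_value})}."""
    cookies = {}
    for line in raw.splitlines():
        header, _, body = line.partition(":")
        parts = [p.strip() for p in body.split(";") if p.strip()]
        if header.strip().lower() != "set-cookie" or not parts:
            continue  # not a Set-Cookie header, or an empty one
        name, _, value = parts[0].partition("=")
        attrs = {}
        for part in parts[1:]:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
        cookies[name.strip()] = (value, attrs)
    return cookies

def diff_rewrite(before_raw, after_raw):
    """Per backend cookie: what the proxy added, dropped or changed."""
    before, after = parse_set_cookies(before_raw), parse_set_cookies(after_raw)
    report = {}
    for name, (value, attrs) in before.items():
        new_value, new_attrs = after.get(name, (None, {}))
        report[name] = {
            "present": name in after,
            "value_intact": value == new_value,
            "added": sorted(set(new_attrs) - set(attrs)),
            "dropped": sorted(set(attrs) - set(new_attrs)),
            "changed": sorted(k for k in attrs.keys() & new_attrs.keys() if attrs[k] != new_attrs[k]),
        }
    return report

def missing_flags(raw, required=("httponly", "secure")):
    """Return {cookie_name: [required flags that are absent]}."""
    return {n: [f for f in required if f not in a] for n, (_, a) in parse_set_cookies(raw).items()}

if __name__ == "__main__":
    print(diff_rewrite(BACKEND, VIA_BIGIP), missing_flags(BACKEND), sep="\n")
```

Because the rule rebuilds each header from the cookie name and value only, any Expires, Domain or non-root Path the backend sets would show up under `dropped` or `changed`. The Secure attribute also means browsers return these cookies only over HTTPS, so the port-80 virtual server here serves for inspecting headers rather than carrying a session.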