Forum Discussion
- hooleylistCirrostratusHi Dave,
when SERVER_CONNECTED { Save the name of the currently connected pool set pool_name [LB::server pool] } when HTTP_RESPONSE { Check if the response contains the persistence cookie if {[HTTP::cookie BIGipServer${pool_name}] ne ""}{ Replace the last Set-Cookie header value with the same value and ; HttpOnly appended HTTP::header replace Set-Cookie "[HTTP::header Set-Cookie]; HttpOnly" } }
- DaveC_53879NimbostratusHi Hoolio,
- hooleylistCirrostratusJust to clarify, the cookie insert persistence cookie contains an encoding of the pool member IP:port as described in SOL6917:
- DaveC_53879NimbostratusI actually already encrypt the cookie, so the rule as is does not work. Is there a way to just append http only to end of the cookie string w/o having to read the cookie?
- hooleylistCirrostratusThat's what that iRule I posted should do. What happens if you try it? If you're concerned about it not working and the virtual server is in production, you could create a test virtual server and try it there.
- DaveC_53879Nimbostratus
Thanks for getting back to me. There is no change. It looks like your script needs to read the string BIGipServerAA_sessiontest_pool, with AA_sessiontest_pool as my pool for testing, but can't since it's encrypted. If I unencrypt the cookie your iRule works as expected. I tried replacing the actual name of my cookie in your script, but that didn't help.
- hooleylistCirrostratusIt doesn't need to "read" the cookie value; it's just checking to see that the cookie is set and has any value.
when SERVER_CONNECTED { Save the name of the currently connected pool set pool_name [LB::server pool] log local0. "[IP::client_addr]:[TCP::client_port]: Pool $pool_name" } when HTTP_RESPONSE { Check if the response contains the persistence cookie if {[HTTP::cookie BIGipServer${pool_name}] ne ""}{ log local0. "[IP::client_addr]:[TCP::client_port]: Cookie BIGipServer${pool_name} set, rewriting Set-Cookie: [HTTP::header Set-Cookie]" Replace the last Set-Cookie header value with the same value and ; HttpOnly appended HTTP::header replace Set-Cookie "[HTTP::header Set-Cookie]; HttpOnly" } } when HTTP_RESPONSE priority 501 { Debug logging only. Remove this once testing is complete. log local0. "[IP::client_addr]:[TCP::client_port]: Current Set-Cookie: [HTTP::header Set-Cookie]" }
- DaveC_53879NimbostratusHere is the result. I get 10 of these.
- DaveC_53879NimbostratusAaron,
- hooleylistCirrostratusDo you have a custom persistence cookie name? If so, you can change the iRule to this:
when SERVER_CONNECTED { Save the name of the currently connected pool set pool_name [LB::server pool] log local0. "[IP::client_addr]:[TCP::client_port]: Pool $pool_name" } when HTTP_RESPONSE { Check if the response contains the persistence cookie if {[HTTP::cookie "persistence_cookie_name"] ne ""}{ log local0. "[IP::client_addr]:[TCP::client_port]: Cookie persistence_cookie_name set, rewriting Set-Cookie: [HTTP::header Set-Cookie]" Replace the last Set-Cookie header value with the same value and ; HttpOnly appended HTTP::header replace Set-Cookie "[HTTP::header Set-Cookie]; HttpOnly" } } when HTTP_RESPONSE priority 501 { Debug logging only. Remove this once testing is complete. log local0. "[IP::client_addr]:[TCP::client_port]: Current Set-Cookie: [HTTP::header Set-Cookie]" }