Forum Discussion
Bryan_Lehr_1032
Nimbostratus
NimbostratusCookies and ASM
Hello,
I am trying to send a cookie directly to a pool w/o ASM inspection. The cookie name changes which prohibits me from simply adding it to allowed cookies. The name is "ASPSESSIONID********" where * denotes a random alphabet character.
I am experimenting with both an iRule and an HTTP Class Profile to simply forward it.
With the profile I am using a
match on cookie and regex - (?i)(ASPSESSIONID)([A-Z]{8}$) - this is latest syntax I am struggling with, it just seems to hate everything I try.
Not any better with iRule either, struggling with syntax and use of regex etc.
Any helpful responses greatly appreciated. Thanks a million!
2 Replies
Bryan_Lehr_1032Hello,
This is working but not as expected, this is the second in a stack of 4 profiles, the first 2 match static content w/o application security and the next 2 match on URI with Application Security.
What seems to be happening is once this cookie is picked up, it consistently matches the second profile and you are now free of the ASM's constraints.
Suggestions? Looks like an iRule is needed.
hoolioCirrostratus
Hello,
It looks like you have a case open with support on this. I'd suggest working with them and then posting the results here once you guys figure it out.
The current behavior you're seeing is expected: if you are using an HTTP class to filter requests which contain the cookie and App Security is disabled on the class, every request with that cookie will be sent directly to the pool.
The ability to define a modified domain cookie using a regular expression has been requested in CR47126. I've attached your case to the request to have this feature built in a future version.
There are a few options for how to work around this in 9.2.3. I think it would be good to work with support to determine the best approach.
Thanks,
Aaron
