How to remove the ASM TS* Cookie

This code will not remove the cookie completely, it will only prevent the cookie from being passed on to the pool members. In other words the client will send the cookie to the Big IP and the Big IP will remove the cookie from the http header before the request is sent to the server.

If you wish to remove the cookie completely, why don't you remove it from the ASM policy instead?

Hello Thanks for your answer, how can I remove it from the ASM policy ?

Best Regards

David

If you remove the cookie then it might cause trigger the cookie violation if enabled.

If you remove the cookie then it might cause trigger the cookie violation if enabled.

HTTP_REQUEST_RELEASE is fired just before the Request from the Client is being sent to the Server-side (pool member), so my understanding is that is not what you want. You want the opposite - you want ASM to stop sending TS cookies to your client, you need to use HTTP_RESPONSE_RELEASE event,e.g:

  HTTP_RESPONSE_RELEASE    {
  set cookies [HTTP::cookie names]
  foreach aCookie $cookies {
    if {$aCookie matches_regex {^TS(?:[0-9a-fA-F]{6,8})(?:$|_[0-9]+$)}} {
       Remove ASM Cookies
      log local0. $aCookie
      HTTP::cookie remove $aCookie
    }
  }
}

I am not quite sure about the version of BIG-IP you are using, I reported a bug in HTTP::cookie remove functionality to F5 years ago, it is likely that this will work only from version 11.6.1/12.0, a workaround was to use HTTP::header remove instead of cookie remove.