For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

wyuen_99269's avatar
wyuen_99269
Icon for Altostratus rankAltostratus
May 07, 2015

How to search a string for multiple values and replace with another string

Inserting cookie: PHPSESSID=eur026tal67g54keu6oj5gphh6; expires=Fri, 08-May-2015 13:23:10 GMT; path=/; domain= HttpOnly   Need code to strip "HttpOnly" or "httponly"   HTTP::header insert "Set-...
wyuen_99269's avatar
wyuen_99269
Icon for Altostratus rankAltostratus
May 08, 2015

I am creating new cookies. At the end of the line, a string "HttpOnly" or "httponly" is added and unable to create the cookie. I wanted to string the string "HttpOnly" or "httponly" out of the cookie line.

 

Under is the code and if you look at "Inserting cookie" portion, it is not inserting the code.

 

when HTTP_RESPONSE { if { $static::ProxyPassDebug > 1 } { log local0. "$log_prefix: [HTTP::status] response from [LB::server]" }

 

if {$bypass} {
     No modification is necessary if we didn't change anything inbound so disable the stream filter if it was enabled

     Check if we're rewriting the response
    if {$static::RewriteResponsePayload} {
        if { $static::ProxyPassDebug > 1 } {
            log local0. "$log_prefix: Rewriting response content enabled, but disabled on this response."
        }

         Need to explicity disable the stream filter if it's not needed for this response
         Hide the command from the iRule parser so it won't generate a validation error
           when not using a stream profile
        set stream_disable_cmd "STREAM::disable"

         Execute the STREAM::disable command.  Use catch to handle any errors. Save the result to $result
        if { [catch {eval $stream_disable_cmd} result] } {
             There was an error trying to disable the stream profile.
            log local0. "$log_prefix: Error disabling stream filter ($result). If you enable static::RewriteResponsePayload, then you should add a stream profile to the VIP.  Else, set static::RewriteResponsePayload to 0 in this iRule."
        }
    }

     Exit from this event.
    return
}

 Check if we're rewriting the response
if {$static::RewriteResponsePayload} {
     Configure and enable the stream filter to rewrite the response payload
     Hide the command from the iRule parser so it won't generate a validation error
       when not using a stream profile
    if {$static::RewriteResponsePayload > 1} {
        set stream_expression_cmd "STREAM::expression \"@$host_serverside$path_serverside@$host_clientside$path_clientside@ @$path_serverside@$path_clientside@\""
    } else {
        set stream_expression_cmd "STREAM::expression \"@$host_serverside$path_serverside@$host_clientside$path_clientside@\""
    }
    set stream_enable_cmd "STREAM::enable"
    if { $static::ProxyPassDebug > 1 } {
        log local0. "$log_prefix: \$stream_expression_cmd: $stream_expression_cmd, \$stream_enable_cmd: $stream_enable_cmd"
    }

     Execute the STREAM::expression command. Use catch to handle any errors. Save the result to $result
    if { [catch {eval $stream_expression_cmd} result] } {
         There was an error trying to set the stream expression.
        log local0. "$log_prefix: Error setting stream expression ($result). If you enable static::RewriteResponsePayload, then you should add a stream profile to the VIP.  Else, set static::RewriteResponsePayload to 0 in this iRule."
    } else {
         No error setting the stream expression, so try to enable the stream filter
         Execute the STREAM::enable command.  Use catch to handle any errors. Save the result to $result
        if { [catch {eval $stream_enable_cmd} result] } {
             There was an error trying to enable the stream filter.
            log local0. "$log_prefix: error enabling stream filter ($result)"
        } else {
            if { $static::ProxyPassDebug > 1 } {
                log local0. "$log_prefix: Successfully configured and enabled stream filter"
            }
        }
    }
}

 Fix Location, Content-Location, and URI headers
foreach header {"Location" "Content-Location" "URI"} {
    set protocol [URI::protocol [HTTP::header $header]]
    if { $static::ProxyPassDebug > 1 } {
        log local0. "$log_prefix: Checking $header=[HTTP::header $header], \$protocol=$protocol"
    }
    if {$protocol ne ""} {
        set server_path [findstr [HTTP::header $header] $host_serverside [string length $host_serverside]]
        if {$server_path starts_with $path_serverside} {
            if { $static::ProxyPassDebug } {
                log local0. "$log_prefix: Changing response header $header: [HTTP::header $header] with $protocol://$host_clientside$path_clientside[substr $server_path [string length $path_serverside]]"
            }
            HTTP::header replace $header $protocol://$host_clientside$path_clientside[substr $server_path [string length $path_serverside]]
        }
    }
}

 Rewrite any domains/paths in Set-Cookie headers
if {[HTTP::header exists "Set-Cookie"]}{
    array unset cookielist
    foreach cookievalue [HTTP::header values "Set-Cookie"] {
        set cookiename [getfield $cookievalue "=" 1]
        set namevalue ""
        set newcookievalue ""
                       log local0. "CookieName = $cookiename ProxyPass"
                       log local0. "CookieValue = $cookievalue ProxyPass"
        foreach element [split $cookievalue ";"] {
            set element [string trim $element]
                                 log local0. "Element = $element ProxyPass 1"
            if {$namevalue equals ""} {
                set namevalue $element  
            } else {
                if {$element contains "="} {
                    set elementname [getfield $element "=" 1]
                    set elementvalue [getfield $element "=" 2]
                    if {[string tolower $elementname] eq "domain"} {
                        set elementvalue [string trimright $elementvalue "."]
                        if {$host_serverside ends_with $elementvalue} {
                            if {$static::ProxyPassDebug > 1} {
                                log local0. "$log_prefix: Modifying cookie $cookiename domain from $elementvalue to $host_clientside ProxyPass"
                            }
                            set elementvalue $host_clientside
                        }
                        append elementvalue "."
                    }
                    if {[string tolower $elementname] eq "path"} {
                        if {$elementvalue starts_with $path_serverside} {
                            if {$static::ProxyPassDebug > 1} {
                                log local0. "$log_prefix: Modifying cookie $cookiename path from $elementvalue to $path_clientside[substr $elementvalue [string length $path_serverside]] ProxyPass"
                            }
                            set elementvalue $path_clientside[substr $elementvalue [string length $path_serverside]]
                        }
                    }
                    append newcookievalue "; $elementname=$elementvalue"
                } else {
                    append newcookievalue "; $element"
                }
            }
        } 
        set cookielist($cookiename) "$namevalue$newcookievalue"
    }
    HTTP::header remove "Set-Cookie"
    foreach cookiename [array names cookielist] {
                       log local0. "Remove CookieName = $cookielist($cookiename) ProxyPass"                 

                   HTTP:header insert "Set-Cookie" $cooklist($cookiename) 

        if {$static::ProxyPassDebug > 1} {
            log local0. "$log_prefix: Inserting cookie: $cookielist($cookiename)"
        }
    }
}

}