nitass
Aug 28, 2013Employee
It seems that setting the cookie version in place with HTTP::cookie version does not work.
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
# First attempt: for every cookie named in the response, set Version=1 in
# place and then enable the Secure and HttpOnly attributes.
# This version fails at runtime: the /var/log/ltm entry shown on this page
# reports "Illegal argument" for the "HTTP::cookie version $mycookies 1" call.
# NOTE(review): presumably the TCL error aborts the event before the secure
# and httponly calls run for that cookie - confirm on the target version.
when HTTP_RESPONSE {
set myValues [HTTP::cookie names]
foreach mycookies $myValues {
HTTP::cookie version $mycookies 1
HTTP::cookie secure $mycookies enable
HTTP::cookie httponly $mycookies enable
}
}
}
[root@ve11a:Active:Changes Pending] config cat /var/log/ltm
Aug 28 09:06:56 ve11a err tmm[1091]: 01220001:3: TCL error: /Common/myrule - Illegal argument (line 2) invoked from within "HTTP::cookie version $mycookies 1" ("foreach" body line 2) invoked from within "foreach mycookies $myValues { HTTP::cookie version $mycookies 1 HTTP::cookie secure $mycookies enable HTTP::cookie httponly $mycookies en..."
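So I remove the cookie if its version is not 1, insert it back as version 1, and then set the Secure and HttpOnly flags. Note that the re-insert copies only the cookie's value and path, so other attributes of the original cookie (for example Domain or Expires) are not carried over.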
e.g.
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
destination 172.28.20.111:80
ip-protocol tcp
mask 255.255.255.255
pool foo
profiles {
http { }
tcp { }
}
rules {
myrule
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 23
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
members {
200.200.200.101:80 {
address 200.200.200.101
}
}
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
# Workaround: instead of changing the version in place, rebuild every cookie
# whose version is not 1, then enable Secure and HttpOnly on all cookies.
when HTTP_RESPONSE {
set myValues [HTTP::cookie names]
foreach mycookies $myValues {
if { [HTTP::cookie version $mycookies] != 1 } {
# Save the value and path, drop the cookie, and insert it again as version 1.
# NOTE(review): only value and path are copied; a Domain, Expires or Max-Age
# on the original cookie is not carried over - confirm that is acceptable
# for the application's session cookies.
set ckval [HTTP::cookie value $mycookies]
set ckpath [HTTP::cookie path $mycookies]
HTTP::cookie remove $mycookies
HTTP::cookie insert name $mycookies value $ckval path $ckpath version 1
}
# Applied to every cookie, including those that were already version 1.
# NOTE(review): browsers send Secure cookies back only over HTTPS. The virtual
# server listed on this page is on port 80 with only http and tcp profiles,
# so verify that the production virtual server terminates TLS.
HTTP::cookie secure $mycookies enable
HTTP::cookie httponly $mycookies enable
}
}
}
Request sent to the server directly:
[root@ve11a:Active:Changes Pending] config curl -I http://200.200.200.101
HTTP/1.1 200 OK
Date: Wed, 28 Aug 2013 01:01:54 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 23 May 2013 00:28:46 GMT
ETag: "4185a8-59-c3efab80"
Accept-Ranges: bytes
Content-Length: 89
Set-Cookie: abc=1234; path=/; Secure
Set-Cookie: def=5678; path=/; HttpOnly; Version=1
Set-Cookie: xyz=abcd; path=/; Version=2
Content-Type: text/html; charset=UTF-8
Request sent via the BIG-IP:
[root@ve11a:Active:Changes Pending] config curl -I http://172.28.20.111
HTTP/1.1 200 OK
Date: Wed, 28 Aug 2013 01:01:57 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 23 May 2013 00:28:46 GMT
ETag: "4185a8-59-c3efab80"
Accept-Ranges: bytes
Content-Length: 89
Set-Cookie: def=5678;Secure; path=/; HttpOnly; Version=1
Content-Type: text/html; charset=UTF-8
Set-Cookie: abc=1234;HttpOnly;Secure;Path=/;Version=1;
Set-Cookie: xyz=abcd;HttpOnly;Secure;Path=/;Version=1;