For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

YossiV's avatar
YossiV
Icon for Nimbostratus rankNimbostratus
Jul 13, 2016

Irule for Data group List to Block specific cookie

Hi. i am wondering if there is any option to create a datagroup (string type) and assign it to an irule which will block the request ( for example response 403) base on the cookie that the client co...
application delivery
iRules
LTM
jgranieri's avatar
jgranieri
Icon for Nimbostratus rankNimbostratus
Jul 14, 2016

I am far from a programmer and irule expert but these are basically what you need to do.

Use the event handler When HTTP_REQUEST to capture the header containing the cookie, store it in a variable. Log it or not and then compare it to the string data-group and take an action.

so here is something that you can work off of. You need to pre-configure a pool, a string based data-group. The syntax might be off as I quickly threw it together but you should be able to work off of this and get it going. 

when CLIENT_ACCEPTED {  
    log local0. "[IP::client_addr]: HTTP Client Connected"
}
when HTTP_REQUEST {
    set Found_Cookie"[HTTP::header value Cookie]"
     Your choice to log this or not 
     log local0. "Detected Cookie as $Found_Cookie"
    if { [class match $Found_Cookie contains Cookie_String_Data_Group } {
          log local0. "Cookie matches data-group and this connection will be rejected"
          reject  
    }
      } else {
       log local0. "Cookie does not match the reject list Allowing connection"
       pool XYZ
}