For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sriram_129909's avatar
Sriram_129909
Icon for Nimbostratus rankNimbostratus
Apr 21, 2014

iRule to block Excessive cookie size

I need to block some requests that are having excessive cookie header size (more than 8190 bytes). Is there a variable in iRule that would give me the size in bytes?  
application delivery
devops
iRules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Apr 21, 2014

This depends on a few factors. Namely:

  1. Do you mean request or response? In a request, all of the cookies will come across as a single Cookie header. You can subsequently gather it's total size with something like the following:

    when HTTP_REQUEST {
    log local0. [string length [HTTP::header Cookie]]
}

    If you wanted to break those down into the individual cookies, then you might do something like this:

    when HTTP_REQUEST {
    foreach x [HTTP::cookie names] {
        log local0. "cookie($x) = [string length $x[HTTP::cookie value $x]]"
    }
}

  2. In a response, the Set-Cookie headers would be separate, so:

    when HTTP_RESPONSE {
    foreach x [HTTP::cookie names] {
        log local0. "cookie($x) = [string length $x[HTTP::cookie value $x]]"
    }
}

  3. If you mean to block the entire request or response based on some threshold, then you can modify the iRule examples above accordingly. If you need to block specific cookies, then you'd need to parse and rewrite the cookie header for requests, and remove the specific cookie in a response.