Forum Discussion

DJDX21_252164's avatar
DJDX21_252164
Icon for Cirrus rankCirrus
Mar 17, 2016

iRule to rewrite cookie domain to toplevel domain

I have to domains, 1. xyz.abc.com 2. xyz.abbc.com Now when I am trying to change the domain of the cookie at the toplevel the below iRule isn't working.   when HTTP_RESPONSE { set a ".abc.com" set...
BIG-IP
cookies
devops
iRules
security
  • DJDX21_252164's avatar
    DJDX21_252164
    Mar 18, 2016

    Finally I was able to set the cookie domain to toplevel by using the following iRule. Cookies are set to toplevel domain now by using HTTP::host and comparing directly with the domain values I have. What do you think about the following iRule? Any flaws?

    when HTTP_REQUEST {
    log local0. "Cookie names in received request: [HTTP::cookie names] from IP: [IP::local_addr]"
   set httphost [HTTP::host]
}

when HTTP_RESPONSE { 
    foreach mycookie [HTTP::cookie names] { 
     log local0. "Host : $httphost"
        if { $httphost ends_with ".abc.com" } { 
            HTTP::cookie domain $mycookie ".abc.com"
        } elseif { $httphost ends_with ".abbc.com" } { 
            HTTP::cookie domain $mycookie ".abbc.com"
        } else {
          log local0. "Not a single cookie domain matched :"
        }
    } 
}
Sylvain_85827's avatar
Sylvain_85827
Icon for Cirrus rankCirrus
Mar 17, 2016

And the value of $mycookie in each if statement. Please use below code as I just noticed I made a copy/paste mistake in the log of the second if statement (the one for $b):

 

when HTTP_REQUEST {
    log local0. "Cookie domain in received request: [HTTP::cookie names] from IP: [IP::local_addr]"
}

when HTTP_RESPONSE { 
    set a ".abc.com" 
    set b ".abbc.com" 

    foreach mycookie [HTTP::cookie names] { 
        set cookieDomain [HTTP::cookie domain $mycookie] 
        log local0. "==> cookieDomain value is : $cookieDomain"

       if { $cookieDomain contains $a } { 
            log local0. "Cookie domain matched: $a"
            HTTP::cookie domain $mycookie $a 
        } 
        elseif { $cookieDomain contains $b } { 
            log local0. "Cookie domain matched: $b"
            HTTP::cookie domain $mycookie $b 
        } else {
            log local0. "Not a single cookie domain matched :/"
        }

    } 
}

We definitively need to have a clear idea of the value of $cookieDomain to make a correct match on it.

 

  • DJDX21_252164's avatar
    DJDX21_252164
    Icon for Cirrus rankCirrus
    Mar 17, 2016
    Yeah, I rectified it before paste. the if statement is matching now. Cookie names in received request: ASP.NET_SessionId .AB.DOMAIN.ID .AB.QA.CCM.99 from IP: *.*.*.* Cookie domain matched: .abc.com But the domain is still not getting set I can still see xyz.abc.com