Forum Discussion

mjbeadle's avatar
mjbeadle
Icon for Nimbostratus rankNimbostratus
Jul 19, 2013

Issue with iRule adding secure cookie flag

I am using the common iRule for setting the secure cookie flag on each cookie-   when HTTP_RESPONSE {   set cookies [HTTP::cookie names]   Loop through each cookie by name in reque...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Jul 22, 2013
The issue comes up when there is a cookie whose data has a space in it. i thought cookie value does not contain whitespace.

HTTP cookie

http://en.wikipedia.org/wiki/HTTP_cookie

anyway, it seems okay to me here.

e.g. 

[root@ve10:Active] config  b version|grep -iA 1 version
BIG-IP Version 10.2.4 655.0
Hotfix HF4 Edition

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_RESPONSE {
  set cookies [HTTP::cookie names]
  foreach aCookie $cookies {
    log local0. "$aCookie = [HTTP::cookie value $aCookie]"
    HTTP::cookie secure $aCookie enable
  }
}
}

 log

[root@ve10:Active] config  cat /var/log/ltm
Jul 22 17:29:54 local/tmm info tmm[26228]: Rule myrule : cookie = CGI&SPONSOR_UserRole=Information Services&SPONSOR

 trace

[root@ve10:Active] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.20.17(47282) <-> 172.28.19.252(80)
1374485394.6293 (0.0010)  C>S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.252
Accept: */*

---------------------------------------------------------------

New TCP connection 2: 200.200.200.10(47282) <-> 200.200.200.101(80)
1374485394.6321 (0.0010)  C>S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.252
Accept: */*

---------------------------------------------------------------

1374485394.6353 (0.0031)  S>C
---------------------------------------------------------------
HTTP/1.1 200 OK
Date: Mon, 22 Jul 2013 09:40:26 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 23 May 2013 00:28:46 GMT
ETag: "4185a8-59-c3efab80"
Accept-Ranges: bytes
Content-Length: 89
Set-Cookie: cookie=CGI&SPONSOR_UserRole=Information Services&SPONSOR
Connection: close
Content-Type: text/html; charset=UTF-8

---------------------------------------------------------------

1374485394.6354 (0.0060)  S>C
---------------------------------------------------------------
HTTP/1.1 200 OK
Date: Mon, 22 Jul 2013 09:40:26 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 23 May 2013 00:28:46 GMT
ETag: "4185a8-59-c3efab80"
Accept-Ranges: bytes
Content-Length: 89
Set-Cookie: cookie=CGI&SPONSOR_UserRole=Information Services&SPONSOR;secure;
Connection: close
Content-Type: text/html; charset=UTF-8

---------------------------------------------------------------