Forum Discussion

mjbeadle's avatar
mjbeadle
Icon for Nimbostratus rankNimbostratus
Jul 19, 2013

Issue with iRule adding secure cookie flag

I am using the common iRule for setting the secure cookie flag on each cookie-   when HTTP_RESPONSE {   set cookies [HTTP::cookie names]   Loop through each cookie by name in reque...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Jul 22, 2013
i think the correct way is to fix cookie value at server.

anyway, if there is small number of cookie value containing space, you may temporarily remove (space) and add it back after securing cookie.

e.g. 

root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm virtual bar15
ltm virtual bar15 {
    destination 172.28.20.15:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        myrule
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vlans-disabled
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list ltm rule myrule
ltm rule myrule {
    when HTTP_RESPONSE {
   remove space
  set cklist [HTTP::header values Set-Cookie]
  HTTP::header remove Set-Cookie
  foreach ck $cklist {
    HTTP::header insert Set-Cookie [string map {"Information Services" "InformationServices"} $ck]
  }

   secure cookie
  foreach aCookie [HTTP::cookie names] {
    HTTP::cookie secure $aCookie enable
  }

   add space
  set cklist [HTTP::header values Set-Cookie]
  HTTP::header remove Set-Cookie
  foreach ck $cklist {
    HTTP::header insert Set-Cookie [string map {"InformationServices" "Information Services"} $ck]
  }
}
}

 original response

[root@ve11a:Active:Changes Pending] config  curl -I http://200.200.200.101
HTTP/1.1 200 OK
Date: Mon, 22 Jul 2013 14:06:26 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 23 May 2013 00:28:46 GMT
ETag: "4185a8-59-c3efab80"
Accept-Ranges: bytes
Content-Length: 89
Set-Cookie: SRS0=CGI&SPONSOR_UserRole=Information Services&SPONSOR_MLID=iaGgsohWthE%2BNvC
Set-Cookie: EPowerV4Users=carrefourvoyagesb2b=13_user; path=/; secure
Connection: close
Content-Type: text/html; charset=UTF-8

 response after passing bigip

[root@ve11a:Active:Changes Pending] config  curl -I http://172.28.20.15
HTTP/1.1 200 OK
Date: Mon, 22 Jul 2013 14:06:35 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 23 May 2013 00:28:46 GMT
ETag: "4185a8-59-c3efab80"
Accept-Ranges: bytes
Content-Length: 89
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: SRS0=CGI&SPONSOR_UserRole=Information Services&SPONSOR_MLID=iaGgsohWthE%2BNvC;secure;
Set-Cookie: EPowerV4Users=carrefourvoyagesb2b=13_user; path=/; secure