Forum Discussion
Steve_245
Nimbostratus
NimbostratusLooking for Feedback/Efficiency on Cookie Removal
Background:
We have a homegrown portal that users log in to and then launch applications from. This portal injects a ridiculous number of cookies into the client. One or more of these cookies prevent...
Kai_Wilke
MVP
MVPHi Steve,
1.) Using an iRule is the only way to sanitize HTTP-request cookies. 2a.) If you need to whitelist less than 5 cookie names, then
[if]when HTTP_REQUEST {
foreach cookie [HTTP::cookie names] {
if { not ( ( $cookie starts_with "f5" )
or ( $cookie starts_with "" )
or ( $cookie starts_with "" )
or ( $cookie starts_with "" )
or ( $cookie starts_with "" ) ) } then {
HTTP::cookie remove $cookie
log local0. "Removing cookie $cookie"
}
}
}
2b.) If you need to whitelist more than 5 but less than 50 cookie names , then
[switch -glob]when HTTP_REQUEST {
foreach cookie [HTTP::cookie names] {
switch -glob -- $cookie {
"f5*" -
"*" -
"*" -
"*" -
"*" -
"*" -
"*" -
"*" -
"*" -
"*" {
Keep the cookie...
}
default {
HTTP::cookie remove $cookie
log local0. "Removing cookie $cookie"
}
}
}
}
2c.) If you need to whitelist more than 50 cookie names , then
[class]ltm data-group internal DataGroup_Cookie_Whitelist {
records {
"f5" {}
"" {}
"" {}
"" {}
"" {}
"" {}
"" {}
"" {}
"" {}
"" {}
}
type string
}
when HTTP_REQUEST {
foreach cookie [HTTP::cookie names] {
if { not ( [class match $cookie starts_with "DataGroup_Cookie_Whitelist"] ) } then {
HTTP::cookie remove $cookie
log local0. "Removing cookie $cookie"
}
}
}
Note: The mentioned "best-choice" is purely based on performance data. Personal preferences may result in different "best-choices" 😉
Cheers, Kai
