Forum Discussion
Bryce_Halkerst1
Nimbostratus
NimbostratusLTM 11.1.0 Cookie httponly flag TCL errors
All,
Have deploy cookie httponly flag for PCI compliance. New irule takes down the website when applied. I am running http classes and i had to do httpclass disable for other irules. Has anyo...
nitass
Employee
Employeei got illegal argument error on HTTP::cookie version.
Jun 21 14:27:01 ve11a err tmm1[10969]: 01220001:3: TCL error: /Common/myrule - Illegal argument (line 1) invoked from within "HTTP::cookie version BIGipServerfoo 1"
so, i remove cookie and add it back later.
e.g.
[root@ve11a:Active:Changes Pending] config tmsh list ltm virtual bar
ltm virtual bar {
destination 172.28.20.16:80
ip-protocol tcp
mask 255.255.255.255
persist {
cookie {
default yes
}
}
pool foo
profiles {
http { }
tcp { }
}
rules {
myrule
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vlans-disabled
}
[root@ve11a:Active:Changes Pending] config tmsh list ltm rule myrule
ltm rule myrule {
when HTTP_RESPONSE {
if { [HTTP::cookie BIGipServerfoo] ne "" } {
set ck_value [HTTP::cookie value BIGipServerfoo]
set ck_path [HTTP::cookie path BIGipServerfoo]
HTTP::cookie remove BIGipServerfoo
HTTP::cookie insert name BIGipServerfoo value $ck_value path $ck_path version 1
HTTP::cookie httponly BIGipServerfoo enable
}
}
}
[root@ve11a:Active:Changes Pending] config curl -I http://172.28.20.16
HTTP/1.1 200 OK
Date: Fri, 21 Jun 2013 06:58:06 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 23 May 2013 00:28:46 GMT
ETag: "4185a8-59-c3efab80"
Accept-Ranges: bytes
Content-Length: 89
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerfoo=1707657416.20480.0000;HttpOnly;Path=/;Version=1;