Forum Discussion

Lorenzo_55525's avatar
Lorenzo_55525
Icon for Nimbostratus rankNimbostratus
Oct 08, 2012

Ltm v10.2 Remove HttpOnly from cookie

Hi All,

 

i need a help about removing "HttpOnly" from a cookie.

 

I got this cookie below and i would like to remove HttpOnly from it.

 

Set-Cookie: JSESSIONID=PppHQh1V51nRpcH0QJJNsldV0sjLcFKzndTd2PhGMKNp20nHprzd!1975339553; path=/; HttpOnly

 

i tried with stream profile with no success.

 

Here is the code of streamprofile

 

 

profile stream stream_http_only {

 

defaults from stream

 

source "HttpOnly"

 

target none

 

}

 

 

i tried also with irule below but no success again.

 

 

when HTTP_RESPONSE {

 

 

Check if there are any Set-Cookie headers

 

if {[HTTP::header exists "Set-Cookie"]}{

 

 

Loop through each Set-Cookie header remove the HttpOnly option

 

foreach a_set_cookie_value [HTTP::header values "Set-Cookie"] {

 

 

log local0. "[IP::client_addr]:[TCP::client_port]: Current Set-Cookie value: [HTTP::header value $a_set_cookie_value], \

 

updated value [string map -nocase {HttpOnly ""} [HTTP::header value $a_set_cookie_value]]"

 

HTTP::header replace Set-Cookie [string map -nocase {HttpOnly ""} [HTTP::header value $a_set_cookie_value]]

 

}

 

}

 

}

 

 

 

Log from this irule is

 

 

Oct 4 12:07:10 local/tmm info tmm[4931]: Rule irule_rem_http_only : 10.130.102.92:44306: Current Set-Cookie value: , updated value

 

Oct 4 12:07:10 local/tmm info tmm[4931]: Rule irule_rem_http_only : 10.130.102.92:44306: Current Set-Cookie value: , updated value

 

 

Please help me.

 

application delivery
dev
devops
iRules
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Oct 08, 2012
    can you try something like this? 

    [root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_RESPONSE {
   if {[HTTP::header exists "Set-Cookie"]}{
      foreach a_set_cookie_value [HTTP::header values "Set-Cookie"] {
         log local0. "[IP::client_addr]:[TCP::client_port]: Current Set-Cookie value: $a_set_cookie_value, \
         updated value [string map -nocase {"; HttpOnly" ""} $a_set_cookie_value]"
         HTTP::header replace "Set-Cookie" [string map -nocase {"; HttpOnly" ""} $a_set_cookie_value]
      }
   }
 }
}

 on client

[root@centos251 ~] curl -I http://172.28.19.79
HTTP/1.1 200 OK
Date: Mon, 08 Oct 2012 16:59:12 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Set-Cookie: JSESSIONID=PppHQh1V51nRpcH0QJJNsldV0sjLcFKzndTd2PhGMKNp20nHprzd!1975339553; path=/
Connection: close
Content-Type: text/html; charset=UTF-8

 on bigip

[root@ve10:Active] config  tail -f /var/log/ltm
Oct  9 00:42:41 local/tmm info tmm[31087]: Rule myrule : 172.28.19.251:42446: Current Set-Cookie value: JSESSIONID=PppHQh1V51nRpcH0QJJNsldV0sjLcFKzndTd2PhGMKNp20nHprzd!1975339553; path=/; HttpOnly,  updated value JSESSIONID=PppHQh1V51nRpcH0QJJNsldV0sjLcFKzndTd2PhGMKNp20nHprzd!1975339553; path=/
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 09, 2012
    Nice work Nitass. Note that you can do this natively on v11:

     

     

    v11 Additions/Changes:

     

    HTTP::cookie httponly < name > [enable|disable]

     

     

    Aaron