For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jamesdris's avatar
jamesdris
Icon for Nimbostratus rankNimbostratus
Nov 02, 2015

making changes to cookie

I have a VIP on which cookie persistence is enabled. The cookie header contains a lot of other cookies that my browser passes. Is it possible to trim some of those cookies and pass only the desired ones to my servers?

 

application delivery
devops
iRules
LTM

10 Replies

  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Nov 02, 2015

    Yes, the easiest way is to use an irule that removes any un-wanted cookies.

    when HTTP_REQUEST {
    HTTP::cookie remove 
}
  • Henrik_Gyllkran's avatar
    Henrik_Gyllkran
    Icon for Nimbostratus rankNimbostratus
    Nov 02, 2015

    Absolutely, and it's easy enough with iRules provided you know which cookies should be removed:

    when HTTP_REQUEST {
   HTTP::cookie remove 
}

    If you don't know exactly what cookies you want to remove but instead know what cookies you want to keep it's a bit more complicated, because then you need to loop through all the cookies and check if it's an allowed cookie or not. If this is the case I can make an example for you if you want.

  • jamesdris's avatar
    jamesdris
    Icon for Nimbostratus rankNimbostratus
    Nov 02, 2015

    Thanks for the responses, is it possible to get the value of a single cookie with name say "test-cookie" from the list of cookies and replace the entire cookie header with just this one? Henrik can you point me to such an irule please?

     

  • Henrik_Gyllkran's avatar
    Henrik_Gyllkran
    Icon for Nimbostratus rankNimbostratus
    Nov 02, 2015

    Sure, it would look something like this, might be typos since I'm doing this from the top of my head:

    when HTTP_REQUEST {
   foreach c_name [HTTP::cookie names] {
      if { !( [HTTP::cookie $c_name] eq "test-cookie" ) }{
         HTTP::cookie remove $c_name
      }
   }
}
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Nov 02, 2015

    This should remove all cookies except for the "test-cookie" you want.

    when HTTP_REQUEST {
    set sessionCookies [ HTTP::cookie names ]
    foreach mycookie $sessionCookies {
        if { not ($mycookie equals "test-cookie") }{
            HTTP::cookie remove $mycookie
        }
    }
}
    • Brad_Parker's avatar
      Brad_Parker
      Icon for Cirrus rankCirrus
      Nov 02, 2015
      Also, if you want to have a list of allowed cookies, create a data group containing that list named "allowedCookies_dg" and use an iRule like this. when HTTP_REQUEST { set sessionCookies [ HTTP::cookie names ] foreach mycookie $sessionCookies { if { not ( [class match $mycookie equals "allowedCookie_dg"]) }{ HTTP::cookie remove $mycookie } } }
  • Brad_Parker_139's avatar
    Brad_Parker_139
    Icon for Nacreous rankNacreous
    Nov 02, 2015

    This should remove all cookies except for the "test-cookie" you want.

    when HTTP_REQUEST {
    set sessionCookies [ HTTP::cookie names ]
    foreach mycookie $sessionCookies {
        if { not ($mycookie equals "test-cookie") }{
            HTTP::cookie remove $mycookie
        }
    }
}
    • Brad_Parker_139's avatar
      Brad_Parker_139
      Icon for Nacreous rankNacreous
      Nov 02, 2015
      Also, if you want to have a list of allowed cookies, create a data group containing that list named "allowedCookies_dg" and use an iRule like this. when HTTP_REQUEST { set sessionCookies [ HTTP::cookie names ] foreach mycookie $sessionCookies { if { not ( [class match $mycookie equals "allowedCookie_dg"]) }{ HTTP::cookie remove $mycookie } } }
  • jamesdris's avatar
    jamesdris
    Icon for Nimbostratus rankNimbostratus
    Nov 02, 2015

    Thanks a lot, I will try these out. Is there an article on devcentral which points to various things that can be done with a HTTP::cookie like getting the names, rewriting, removing etc., ?