For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Feb 22, 2016

Hi Ruben,

yes I implemented a workaround for IE in the meanwhile, which seems to work fine. The only small drawback of this solution is, it assumes that each parallel connected client has a unique IP-address (so no NATing in between).

I added the following lines at the beginning of the HTTP_REQUEST event:

if an email from the archive will be opened, the APM session-ID will be stored
in the session table based on the source-IP (assuming it's unique for all clients)
if { [HTTP::uri] starts_with "/EnterpriseVault/ViewMessage.asp" } {
    table set -subtable [IP::client_addr] lastmrh_session [HTTP::cookie LastMRH_Session] 900
    table set -subtable [IP::client_addr] mrhsession [HTTP::cookie MRHSession] 900
}
the content if the email is embedded via an iframe, where IE is blocking all cookies
therefor the cookie will be added based on the information from the session table
if { [HTTP::uri] starts_with "/EnterpriseVault/Properties.asp" } {
    HTTP::cookie insert name "LastMRH_Session" value [table lookup -subtable [IP::client_addr] lastmrh_session]
    HTTP::cookie insert name "MRHSession" value [table lookup -subtable [IP::client_addr] mrhsession]
}

But still have no workaround for FF, where the issue seems that FF is not sending the iFrame request at all. Chrome was working fine from the beginning and iOS devices haven't been tested yet.

Hope that helps or at least point you in the right direction.

Ciao Stefan 🙂