Problem with iRule ProxyPass v10 and "/" URI

Hi,

Anybody can help us ?

Thanks

Fred

If I understand you correctly, for any POST request to "/" with a Content-Length greater than 500k, there is no application cookie in the request. All other URIs do present an application cookie in the request. If that's correct, do you see that the browser isn't sending the cookie, or that it's getting stripped at the F5? If the former, can you verify that the browser in fact has the cookie before the POST request?

Yes, it's correct. We have made ssldump between the client and the F5 and we didn't see the cookie in the POST request. So the client don't send the cookie. As the iRule rewrite the response before to send it to the client, I think there is a problem with the rewrite rule when we have a path "/". When the content lengh is less than 500 ko with the path "/", it's working but the cookie is not present (as when the content lenght is more than 500 ko).

There is an example : with the path "/" :

POST /start.swe HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, / Referer: https://192.168.200.59/start.swe Accept-Language: fr-FR User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Host: 192.54.200.59 Content-Length: 659 Connection: Keep-Alive Cache-Control: no-cache

with the path "/ent" :

POST /ent/start.swe HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, / Referer: https://192.168.200.59/ent/start.swe?SWEField=s_4_1_8_0&SWENeedContext=true&SWESP=false&SWERowIds=&SWEMethod=NewRecord&SWECmd=InvokeMethod&SWEVI=&SWEPOC=&SWETargetView=&SWEDIC=false&SWEReqRowId=0&SWEView=CRMWE7+Saisie+OC+VVENTABD+Creation+View&SWETVI=&SWERowId=&SWEC=3&SWEM=&SWEBID=-1&SWESPa=&SWEContainer=&SWETS=&SWETA=&SWEApplet=CRMWE7+OC+RSP+Creation+Form+Applet&SWETS=1391697689072&SWEC=3&SWENoHttpRedir=true Accept-Language: fr-FR User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Host: 192.168.200.59 Content-Length: 579 Connection: Keep-Alive Cache-Control: no-cache Cookie: sn=8bU9RNnaRJjJttXPViTrzkZCH135Tf-Pl0lQ5mfutHU

Thanks for your help

Very interesting indeed. Well, because it's the client not setting the cookie in the response, there's really only two places to look:

1. The client itself (some user-agent anomaly), or

    

2. The cookie setting process - the moment the server sends the cookie to the client and under what conditions it does so (perhaps a specific Path value?). Can you capture that, when the server sends its cookie to the client?

    

We have the same result with some different Browser (IE 6, IE 8, Firefox ...) so I don't think it's a problem with browsers but i'm not sure.

I have not capture between F5 and server at this time because it's ssl encrypted and we didn't succeed to decrypt them (we have the same certificate between client-->F5 and F5--> server but it doesn't decrypt and I don't know why). We have some capture between client to f5 with the response send by the F5 and we have a difference between the path "/" and an other path as "/ent/"

Please see below with path "/" :

HTTP/1.1 200 OK Server: Sun-ONE-Web-Server/6.1 Date: Thu, 06 Feb 2014 14:34:39 GMT Content-type: text/html;charset=UTF-8 Content-language: fr Cache-control: no-cache Pragma: no-cache **Set-Cookie: _sn=clk9cVxtMmc-tbOq1WTwKdrCnRLVUqm8WNMEL4JtUW0_; Version=1; Path=/ent_gcdn_fra; HTTPOnly** Transfer-Encoding: chunked

and with path "/ent" : 
HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Thu, 06 Feb 2014 14:40:21 GMT
Content-type: text/html;charset=UTF-8
Pragma: no-cache
Content-language: fr
Cache-control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
**Set-Cookie: _sn=8bU9RNnaRJjJttXPViTrzkZCH135Tf-Pl0lQ5mfutHU_; Version=1; Path=/ent; HTTPOnly**
Transfer-Encoding: chunked

As you can see, for the path "/", the path of the set-cookie is not just "/" that is not good for me. For the path "/ent", the path of the cookie is "/ent, that it's good for me. 

Many thanks

Well that would explain it then. The cookie is being set for the "/ent" path, so the browser WOULD NOT send this cookie for any other path. It's a pretty straight forward thing to change the path value of the cookie with an iRule, but it may be even simpler to change it in the application itself, if at all possible.

Yes, i'm agree with that. I think is the irule proxypass that change the path on the cookie for the path "/" and so it doesn't work correctly after that. But I don't know which part or which line in this irule that made this fault. I need help to analyse the proxypass irule to find where it can change the path of the cookie in the response.

Just looking through the v10/v11 ProxyPass iRule, I'd say you could comment out this line (around line 435):

set elementvalue $path_clientside[substr $elementvalue [string length $path_serverside]]

Thanks Kevin. we will test this. I will update you when it will be done.

Kevin I am getting same issue but i want of set cookie to client side. i.e. "/clientdir" := "/serverdir", "/" := "/healthcare",

Application does set-cookie on /healthcare but i want to set it on clientdir which in this case is "/"