Forum Discussion

Robert_47833's avatar
Robert_47833
Icon for Altostratus rankAltostratus
Apr 21, 2011

question in http::cookie secure

when HTTP_RESPONSE

 

{

 

set myValues [HTTP::cookie names]

 

foreach mycookie $myValues

 

{

 

if {$mycookie == "cjj_INFO"}

 

{

 

Do nothing.

 

}

 

if {$mycookie == "cjj_SESS"}

 

{

 

Do nothing.

 

}

 

else {

 

HTTP::cookie secure $mycookie enable

 

}

 

}

 

}

 

 

 

If there is a http response include cjj_INFO and other cookie like,cjj_test,will they be set secure flag with respect to this irule

 

 

Because I don't know if I didn't set action or statement ,what will happen to the traffic?

 

 

Can some one help me?

 

 

Thanks very much
application delivery
dev
devops
iRules

5 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 21, 2011
    >I didn't set action or statement ,what will happen to the traffic?

    traffic will be processed normally.

    btw, i adjusted the irule to make it easily readable. anyway, i've not tested it out. pls feel free to revise. 

    
when HTTP_RESPONSE { 
   foreach myCookie [HTTP::cookie names] { 
      if {not ($myCookie equals "cjj_INFO" or $myCookie equals "cjj_SESS")} { 
         HTTP::cookie secure $myCookie enable 
      } 
   } 
}
  • naladar_65658's avatar
    naladar_65658
    Icon for Altostratus rankAltostratus
    Apr 21, 2011
    Hello jucao,

    The iRule above shows to be a valid iRule when I compile it in the F5 iRule Editor. (You should get that if you don't already have it... it's awesome). The iRule above should look at the cookies in the headers and if it cookies are not named cjj_INFO or CJJ_SESS then it will set the secure flag on the response. Just an FYI according to the documentation if you set the response flag to secure on a cookie that is already secure nothing will happen to the cookie. It will stay secure and will not be detrimental in any way.

    Here is an iRule similar to the one above that might also work:

    
when HTTP_RESPONSE {
set mycookienames [HTTP::cookie names] 
foreach cookie $mycookienames if !{ $mycookienames contains "cjj_INFO" or "cjj_SESS" } {
HTTP::cookie secure $mycookienames enable 
   }
}
  • Robert_47833's avatar
    Robert_47833
    Icon for Altostratus rankAltostratus
    Apr 21, 2011
    oh,thanks nitass ,naladar

     

    when HTTP_RESPONSE

     

    {

     

    set myValues [HTTP::cookie names]

     

    foreach mycookie $myValues

     

    {

     

    if {$mycookie == "cjj_INFO"}

     

    {

     

    Do nothing.

     

    }

     

    if {$mycookie == "cjj_SESS"}

     

    {

     

    Do nothing.

     

    }

     

    else {

     

    HTTP::cookie secure $mycookie enable

     

    }

     

    }

     

    }

     

     

     

    my irule has one issue

     

    the cjj_info will be set a secure flag in the second if statement,right?

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 21, 2011
    >the cjj_info will be set a secure flag in the second if statement,right?

     

    yes, i think so.
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Apr 22, 2011
    I think it would be simpler to use a switch on the cookie value: 

    
when HTTP_RESPONSE {

   foreach mycookie [HTTP::cookie names] {
      switch $mycookie {
         "cjj_INFO" -
         "cjj_SESS" {
             Do nothing.
         }
         default {
            HTTP::cookie secure $mycookie enable
         }
      }
   }
}

    Aaron