Forum Discussion

Steve_245's avatar
Steve_245
Icon for Nimbostratus rankNimbostratus
Jan 21, 2016

Remove Cookie from Request Based on Cookie Domain

I have a web application that will fail if it sees any cookies other than what it knows should be present. I need to scrape/remove all cookies other than that which is required. The required cookie h...
application delivery
cookies
iRules
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jan 21, 2016

Hi Steve,

the cookie domain, cookie path, cookie timestamps, secure etc. values are just send in a HTTP responses.

Those values will instruct the browser to which application the cookie would be accessible, to which site/path the cookie could be send and how long it will be cached, etc.

In a HTTP requests each cookie will basically look similiar - it would just have a name and a value.

To fix your application, you have to identify every valid cookie name. Dump those names and values in a variable, then remove the entire cookie header and restore just the good cookie names and values...

when RULE_INIT {
    set static::good_cookies "cookie_name1 cookie_name2 cookie_name3"
}
when HTTP_REQUEST {
    foreach cookie_name $static::good_cookies {
        append cookie_to_replay "$cookie_name=[HTTP::cookie value $cookie_name]; "
    }
    HTTP::header remove "Cookie"
    HTTP::header insert "Cookie" [string trim $cookie_to_replay "; "]
    unset -nocomplain cookie_to_replay
}

Cheers, Kai