Forum Discussion
Steve_Brown_882
Feb 03, 2012Historic F5 Account
Rewriting cookies
Hey Guys,
I am working on an irule to rewrite cookies on a site with httponly and secure flags set but getting an error on the http only flag sometimes. The rule is below...and this is v11.1
when HTTP_RESPONSE {
set cookie_names [HTTP::cookie names]
if { $cookie_names ne "" } {
foreach cookie $cookie_names {
HTTP::cookie httponly $cookie enable
HTTP::cookie secure $cookie enable
log local0. "The cookie $cookie was found and attributes modified."
}
}
The error I am seeing in the logs is here...
TCL error: /Common/cookie_rewrite - Improper version (line 4) invoked from within "HTTP::cookie httponly $cookie enable" ("foreach" body line 2) invoked from within "foreach cookie $cookie_names { HTTP::cookie httponly $cookie enable HTTP::cookie secure $cookie enable ..."
When I comment out the HTTP::cookie httponly $cookie enable line everything works fine and I succesfully rewrite the secure attr.
Any ideas?
- nitassEmployeei got the same error. anyway, may we try something like this?
root@ve1100(Active)(/Common)(tmos) show sys version Sys::Version Main Package Product BIG-IP Version 11.1.0 Build 1943.0 Edition Final Date Sun Nov 20 18:27:50 PST 2011 root@ve1100(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.19.252:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { myrule } snat automap vlans-disabled } root@ve1100(Active)(/Common)(tmos) list ltm pool foo ltm pool foo { members { 200.200.200.101:80 { address 200.200.200.101 } } } root@ve1100(Active)(/Common)(tmos) list ltm rule myrule ltm rule myrule { when HTTP_RESPONSE { set cookie_names [HTTP::cookie names] if { $cookie_names ne "" } { foreach cookie $cookie_names { set cookie_value [HTTP::cookie $cookie] HTTP::cookie remove $cookie HTTP::cookie insert name $cookie value $cookie_value path / version 1 HTTP::cookie httponly $cookie enable HTTP::cookie secure $cookie enable } } } } [root@ve1100:Active] config curl -I http://200.200.200.101 HTTP/1.1 200 OK Date: Sat, 04 Feb 2012 01:05:07 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Set-Cookie: AAA=1111; path=/ Set-Cookie: BBB=2222; path=/ Set-Cookie: CCC=1234; path=/ Content-Type: text/html; charset=UTF-8 [root@ve1100:Active] config curl -I http://172.28.19.252 HTTP/1.1 200 OK Date: Sat, 04 Feb 2012 01:05:14 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Content-Type: text/html; charset=UTF-8 Set-Cookie: AAA=1111;Secure;HttpOnly;Path=/;Version=1; Set-Cookie: BBB=2222;Secure;HttpOnly;Path=/;Version=1; Set-Cookie: CCC=1234;Secure;HttpOnly;Path=/;Version=1;
- Matthew_HeathwaNimbostratusI have just encountered exactly the same 'Improper version ' issue with httponly.
- nitassEmployeedoesn't the irule above still work??
root@ve1110(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.19.252:80 ip-protocol tcp mask 255.255.255.255 persist { cookie { default yes } } pool foo profiles { http { } tcp { } } snat automap vlans-disabled } [root@ve1110:Active] config curl -I http://172.28.19.252 HTTP/1.1 200 OK Date: Thu, 19 Apr 2012 03:04:31 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Content-Type: text/html; charset=UTF-8 Set-Cookie: BIGipServerfoo=1707657416.20480.0000; path=/ root@ve1110(Active)(/Common)(tmos) list ltm rule myrule ltm rule myrule { when HTTP_RESPONSE { set cookie_names [HTTP::cookie names] if { $cookie_names ne "" } { foreach cookie $cookie_names { set cookie_value [HTTP::cookie $cookie] HTTP::cookie remove $cookie HTTP::cookie insert name $cookie value $cookie_value path / version 1 HTTP::cookie httponly $cookie enable HTTP::cookie secure $cookie enable } } } } root@ve1110(Active)(/Common)(tmos) modify ltm virtual bar rules { myrule } root@ve1110(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.19.252:80 ip-protocol tcp mask 255.255.255.255 persist { cookie { default yes } } pool foo profiles { http { } tcp { } } rules { myrule } snat automap vlans-disabled } root@ve1110(Active)(/Common)(tmos) quit [root@ve1110:Active] config curl -I http://172.28.19.252 HTTP/1.1 200 OK Date: Thu, 19 Apr 2012 03:05:06 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT ETag: "4183e4-3e-9c564780" Accept-Ranges: bytes Content-Length: 62 Content-Type: text/html; charset=UTF-8 Set-Cookie: BIGipServerfoo=1707657416.20480.0000;Secure;HttpOnly;Path=/;Version=1;
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects