Forum Discussion
Julio_Navarro
Cirrostratus
CirrostratusSecure Cookie when the VIP is requested by IP (not URL)
Hello. I have a VIP config where the pool member is the one handling the cookie to the client. The pool member has a limitation when the client access the VIP via IP (not URL), the cookie is served not secured. I created this iRule which one of the side effects is an increased in the CPU utilization.
when HTTP_RESPONSE {
set cookies [HTTP::cookie names]
foreach aCookie $cookies {
HTTP::cookie secure $aCookie enable
}
}
- Is this the most efficient way?
- Is there a way to use a policy vs an irule?
Thank you
J
youssef1Cumulonimbus
Hi Navaro,
You have the availlability to manage your need trough an HTTP profil.
- So create a new http profile
- in "Encrypt Cookies" fields type the cookie names for the system to encrypt.
you can set several cookies if you want.
it is a feature that is managed manually without irule. and in terms of optimization it's clear that it's more optimal.
let me know if it's clear for you
regards
PeteWhiteEmployee
Currently this is setting the secure flag for all cookies and all requests. It's obviously doing the job but the scope is broad so it is using CPU.
You should have a flag in the HTTP_REQUEST event that is set to true when accessing via IP address. A good way to match IP addresses is using the class. ie put the IP address in the class and match the class in the iRule.
Something like this:
when HTTP_REQUEST { if { [class match -- [HTTP::host] equals host_dg] } { set setSecure 1 } } when HTTP_RESPONSE { if { $setSecure } { foreach cookie [HTTP::cookie names] { HTTP::cookie secure $cookie enable } } }