Forum Discussion

Julio_Navarro's avatar
Julio_Navarro
Icon for Cirrostratus rankCirrostratus
Sep 12, 2018

Secure Cookie when the VIP is requested by IP (not URL)

Hello. I have a VIP config where the pool member is the one handling the cookie to the client. The pool member has a limitation when the client access the VIP via IP (not URL), the cookie is served ...
application delivery
cookie
irule
iRules
LTM
policy
secure
PeteWhite's avatar
PeteWhite
Icon for Employee rankEmployee
Sep 13, 2018

Currently this is setting the secure flag for all cookies and all requests. It's obviously doing the job but the scope is broad so it is using CPU.

You should have a flag in the HTTP_REQUEST event that is set to true when accessing via IP address. A good way to match IP addresses is using the class. ie put the IP address in the class and match the class in the iRule.

Something like this:

when HTTP_REQUEST {
    if { [class match -- [HTTP::host] equals host_dg] } {
        set setSecure 1
    }
}
when HTTP_RESPONSE {
    if { $setSecure } {
        foreach cookie [HTTP::cookie names] {
            HTTP::cookie secure $cookie enable
        }
    }
}