Forum Discussion
jerm1020_254086
Jun 20, 2016Nimbostratus
Setting cookie levels
During a review of www.testtest.com cookies for potential RWD checkout render we noticed that the F5 LTM and ASM cookies seem to be FQDN based (e.g., www.testtest.com) versus Top Level Domain based (...
Yann_Desmarest
Jun 20, 2016Cirrus
Hi,
In general, I prefer to have a VS layered VS architecture.
You apply the following irule to the Frontend VS :
when CLIENT_ACCEPTED {
virtual virtual_server_name
}
Then, on the same irule, you can change the domain of desired cookies :
when HTTP_RESPONSE {
foreach mycookie [HTTP::cookie names] {
HTTP::cookie domain $mycookie ".testtest.com"
}
}
You may also need to restrict to certain cookies only :
when HTTP_RESPONSE {
foreach mycookie [HTTP::cookie names] {
if { [class match $mycookie REWRITABLE_COOKIES] } {
HTTP::cookie domain $mycookie ".testtest.com"
}
}
}
Where REWRITABLE_COOKIES is a datagroup of type string.
- jerm1020_254086Jun 20, 2016Nimbostratusahh, so not to sound like a moron, just replace "virtual_server_name" with my actual VS name? I'm very new to irules and kind of thrown into this so I apologize. also Also, I thought that through previous audits that our LTM and ASM cookies were marked as secure and http-only with the obviously exception of the TS cookies. Is their a way to validate this? or a place to find it? I'm going crazy over here with all these F5 requests for a newbie
- Yann_DesmarestJun 20, 2016CirrusYes, define a frontend VS and assign this irule. "virtual_server_name" must be replaced by your internal VS name (today your actual existing VS)
- Yann_DesmarestJun 20, 2016CirrusYou can validate that Secure and httpOnly by doing requests and inspecting response for Set-Cookie header containing header names used for lb persistence, asm, apm,...
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects