Forum Discussion
OTS02
Cirrus
Cirrusuniversal persistence using jsessionid
Have Universal persistence set up and use this irule:
when HTTP_RESPONSE {
if { [HTTP::cookie exists "JSESSIONID"] } {
persist add uie [HTTP::cookie "JSESSIONID"]
lo...
hooleylist
Cirrostratus
CirrostratusWell, I can't say I understand the full scenario, but... here goes anyhow.
You may want to remove the spoofed JSESSIONID cookie from requests before they're sent to the pool. You could try something like this:
when HTTP_REQUEST {
if { [HTTP::cookie "JSESSIONID"] ne ""} {
Perist on the JSESSIONID or spoofed value
persist uie [HTTP::cookie "JSESSIONID"]
log local0. "[IP::client_addr] Clairmail HttpRequest. Cookies: [HTTP::header values Cookie]"
Remove spoofed cookie
if {[HTTP::cookie "JSESSIONID"] starts_with "ltm_"}{
HTTP::cookie remove "JSESSIONID"
}
}
}
when HTTP_RESPONSE {
Check if the app did not set a cookie
if { [HTTP::cookie "JSESSIONID"] eq ""} {
Insert a spoofed cookie in the response for persistence
set rndumb "ltm_[expr { int(100000000 * rand()) }]"
HTTP::cookie insert name "JSESSIONID" value $rndumb"
log local0. "[IP::client_addr] assigned a random cookie, $rndumb"
Add a persistence record using the random number
persist add uie $rndumb 3600
} else {
Add a persistence record using the JSESSIONID
persist add uie [HTTP::cookie "JSESSIONID"]
log local0. "[IP::client_addr] Clairmail persistence HTTP_Response. Set-Cookies: [HTTP::header values Set-Cookie]"
}
}
Aaron