Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Gerardo_Garcia_'s avatar
Gerardo_Garcia_
Icon for Nimbostratus rankNimbostratus
Apr 08, 2008

URI conditional collecting

We are trying to replace redirects done by meta refresh with proper 302s. We are using the following example:     http://devcentral.f5.com/Wiki/default.aspx/iRules/Replace_HTTP_Refresh_With_HTTP...
application delivery
dev
devops
irules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Apr 09, 2008
Can you provide more detail on what the application requires and why?

You can set a cookie in responses using HTTP::respond by adding Set-Cookie "cookie_name=cookie_value\; path=/test\; etc...". You can check the HTTP::respond wiki page (Click here) for details. Here is a quick example which issues a 302 redirect and expires a cookie:


     Send a redirect and expire the session cookie
    HTTP::respond 302 Location https://example.com/path/to/file.asp Set-Cookie "$cookie_name=null\;Expires=Thurs, 01-Jan-1970 00:00:00 GMT"

I don't think you can force a client to include an arbitrary header in a subsequent request based on any data you send in a redirect. You might be able to hack something together using javascript, but I'm not certain it's possible/the exact javascript syntax to do it.. Maybe you could you parse the cookie name/value in HTTP_REQUEST and insert the HTTP header before the request is sent to the app?

Aaron