iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)
A bunch of us have been refining approaches to help customers handle the new browser enforcement of the HTTP cookie SameSite attribute. I think we have a pretty solid approach now to handle compatib...
Published Feb 11, 2020
Version 1.0Hoolio
Ret. Employee
Joined February 06, 2020
Hoolio
Ret. Employee
Joined February 06, 2020
Nicotrel
Jan 05, 2021Nimbostratus
Good day,
Yes APM is enabled on the virtual server. We have another iRule that uses HTTP response. This was added (2/3 years ago) to fix issues opening links to this site from MS Office documents. I have removed this iRule and am still receiving the same TCL error.
when HTTP_REQUEST {
HTTP::header insert x-sap-webdisp-ap "HTTPS=443"
switch -glob -- [string tolower [HTTP::header "User-Agent"]] {
"*word*" -
"*excel*" -
"*office upload*" -
"*office existence discovery*" -
"*office protocol discovery*" -
"*soap toolkit*" -
"*ms-office*" -
"*microsoft office onenote*" -
"*webdav-miniredir*" -
"*frontpage*" -
"*msfrontpage*" - "*shareplus*" { HTTP::respond 200 } }
}
Example Errors:
Jan 4 08:45:54 <HOSTNAME> err tmm3[22340]: 01220001:3: TCL error: /Common/<IRULE_NAME> <HTTP_RESPONSE_RELEASE> - Can't call after responding - ERR_NOT_SUPPORTED (line 1) invoked from within "HTTP::cookie exists $cookie" ("foreach" body line 2) invoked from within "foreach cookie $named_cookies { if { [HTTP::cookie exists $cookie] } { # Remove any pre-existing SameSite attributes from this cookie as most..."
Jan 4 08:45:54 <HOSTNAME> err tmm3[22340]: 01220001:3: TCL error: <IRULE_NAME> <HTTP_RESPONSE_RELEASE> - Can't call after responding - ERR_NOT_SUPPORTED (line 29) invoked from within "HTTP::cookie exists $cookie" ("foreach" body line 2) invoked from within "foreach cookie $named_cookies { if { [HTTP::cookie exists $cookie] } { # Remove any pre-existing SameSite attributes from this cookie as most..."
Thanks,
Jason