Dawei_S_300040
Jul 30, 2018

How to remove the ASM TS* Cookie

Hello

We tried to remove the ASM TS* cookie with this iRule:

    when HTTP_REQUEST_RELEASE {
      # Names of all cookies present in the client request
      set cookies [HTTP::cookie names]
      foreach aCookie $cookies {
        if {$aCookie matches_regex {^TS(?:[0-9a-fA-F]{6,8})(?:$|_[0-9]+$)}} {
          # Remove ASM Cookies
          log local0. $aCookie
          HTTP::cookie remove $aCookie
        }
      }
    }

As described in this KB: https://support.f5.com/csp/article/K13693

But it is no use, we still have the cookie on the client side. We also tried: HTTP_RESPONSE

Can we have some help?

BIG-IP v11.6.1 (Build 2.0.338) 

Best regards

David

  • This code will not remove the cookie completely, it will only prevent the cookie from being passed on to the pool members. In other words, the client will send the cookie to the BIG-IP and the BIG-IP will remove the cookie from the HTTP header before the request is sent to the server.

     

    If you wish to remove the cookie completely, why don't you remove it from the ASM policy instead?

     

  • Hello, thanks for your answer. How can I remove it from the ASM policy?

     

    Best Regards

     

    David

     

  • MSZ

    If you remove the cookie then it might trigger the cookie violation if enabled.

     

  • HTTP_REQUEST_RELEASE is fired just before the request from the client is sent to the server side (pool member), so my understanding is that this is not what you want. You want the opposite: you want ASM to stop sending TS cookies to your client, so you need to use the HTTP_RESPONSE_RELEASE event, e.g.:

      when HTTP_RESPONSE_RELEASE {
        # Names of all cookies set in the response going back to the client
        set cookies [HTTP::cookie names]
        foreach aCookie $cookies {
          if {$aCookie matches_regex {^TS(?:[0-9a-fA-F]{6,8})(?:$|_[0-9]+$)}} {
            # Remove ASM Cookies
            log local0. $aCookie
            HTTP::cookie remove $aCookie
          }
        }
      }
    

    I am not quite sure about the version of BIG-IP you are using. I reported a bug in the HTTP::cookie remove functionality to F5 years ago; it is likely that this will work only from version 11.6.1/12.0. A workaround was to use HTTP::header remove instead of cookie remove.
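
The HTTP::header remove workaround mentioned in the last reply could be written as below. This is an added example, not code from the thread or from F5; it assumes ASM has already added its Set-Cookie headers when HTTP_RESPONSE_RELEASE fires, and the variable names are illustrative.

```tcl
when HTTP_RESPONSE_RELEASE {
    # Read every Set-Cookie header value before modifying the headers
    set setCookies [HTTP::header values "Set-Cookie"]
    set keep [list]
    set dropped 0

    foreach sc $setCookies {
        # The cookie name is the text before the first "="
        set name [string trim [lindex [split $sc "="] 0]]
        if { $name matches_regex {^TS(?:[0-9a-fA-F]{6,8})(?:$|_[0-9]+$)} } {
            # ASM TS cookie: do not send it to the client
            incr dropped
            log local0. "Dropping ASM cookie $name"
        } else {
            # Application cookie: keep the full value, attributes included
            lappend keep $sc
        }
    }

    # HTTP::header remove deletes all Set-Cookie headers at once, so only
    # touch the response when a TS cookie was found, then re-insert the rest
    if { $dropped > 0 } {
        HTTP::header remove "Set-Cookie"
        foreach sc $keep {
            HTTP::header insert "Set-Cookie" $sc
        }
    }
}
```

As noted earlier in the thread, a client that never receives the TS cookie cannot return it, which may trigger the cookie violation if that check is enabled in the ASM policy.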