Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

HTTP::cookie and setting flags

Jon_Gilyeat_149
Nimbostratus
Nimbostratus

I'm struggling with writing some irule logic which sets the httponly and secure flags on only the bigipserver cookies inserted by the F5 when using cookie session persistence, while not affecting any server or application inserted cookies. So far, I've had to resolve myself to creating a different irule for each VIP for which I need to perform this action, and specifying the bigip server cookie for that VIP, eg:

 

when HTTP_RESPONSE { if { [HTTP::cookie BIGipServerFoo] ne "" } { set ck_value [HTTP::cookie value BIGipServerFoo] set ck_path [HTTP::cookie path BIGipServerFoo] HTTP::cookie remove BIGipServerFoo HTTP::cookie insert name BIGipServerFoo value $ck_value path $ck_path version 1 HTTP::cookie httponly BIGipServerFoo enable HTTP::cookie secure BIGipServerFoo enable } }

BigIP server cookie flags are set appropriately, application cookies are left alone, everyone is happy, apps don't break. Surely there must be some way to do this without manually picking out the cookies I want changed.

 

3 REPLIES 3

Jon_Gilyeat_149
Nimbostratus
Nimbostratus

Tried this and it doesn't really work either:

 

when HTTP_RESPONSE { if { [HTTP::cookie starts_with "BIGipServer"] } { set ck_names [HTTP::cookie names] foreach aCookie $ck_names { HTTP::cookie remove $aCookie HTTP::cookie insert name $aCookie value $aCookie path / version 1 HTTP::cookie httponly $aCookie enable } }

cjunior
Nacreous
Nacreous
when HTTP_RESPONSE { set ck_names [HTTP::cookie names] foreach ck_name $ck_names { if { [string tolower $ck_name] starts_with "bigipserver" } { set ck_value [HTTP::cookie value $ck_name] set ck_path [HTTP::cookie path $ck_name] HTTP::cookie remove $ck_name HTTP::cookie insert name $ck_name value $ck_value path $ck_path version 1 HTTP::cookie httponly $ck_name enable } } }

Jon_43169
Nimbostratus
Nimbostratus

We have an ASM module, but we've not deployed it yet.

 

After spending some time beating on it a bit more, I've managed to sort it out:

 

when HTTP_RESPONSE { set ck [HTTP::header values "Set-Cookie"] foreach acookie $ck { if {$acookie starts_with "BIGipServer"} { HTTP::header replace "Set-Cookie" "${acookie}; HttpOnly" } } }