Forum Discussion

Daniel_Tremmel's avatar
Daniel_Tremmel
Icon for Altostratus rankAltostratus
Jun 04, 2014

APM iRule Event: insert Cookie after Logon Page

Hi all,

following situation: when a user wants to access an application server, the user has to authenticate via Active Directory. Then a cookie with the username and a random number will be added to the request and after that, the requests gets to the application server in the backend.

Logon Page via APM is working, also the ACCESS_POLICY_AGENT_EVENT, the question is how can I insert a cookie after the iRule Event in the APM Policy is triggered? "HTTP::cookie insert" is only working with HTTP_REQUEST and HTTP_RESPONSE, but if I do a 

when HTTP_REQUEST { HTTP::cookie insert name "MyCookie" value "MyValue" path "/" }

the cookie gets inserted right with loading the Logon Page, and thats too early because at this point I don't have all the information for the cookie.

best regards, Daniel

application delivery
BIG-IP Access Policy Manager (APM)
deployment
devops
iRules
LTM
security

11 Replies

Sort By
Show More
  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Jun 10, 2014

    I noticed the earlier rule though inserted the cookie to application server in the first request, there were 2 cookie headers.

    Cookie: F5_ST=1z1z1z1402414804z604800; LastMRH_Session=a66fdead;

    Cookie: MyCookie=MyValue;

    I guess, application server picked the first cookie and couldn't find the one it was looking for.

    Set-Cookie is the request to the browser to store the cookie.

    Try the amended rule. 

    when HTTP_REQUEST {
  set flag 0
  if { [HTTP::cookie MyCookie] ne "" }{
     set flag 1
  }
}
when ACCESS_ACL_ALLOWED {
  if { $flag eq 0 }{
     HTTP::header replace "Cookie" "[HTTP::header "Cookie"]; MyCookie=MyValue"
  }
}
when HTTP_RESPONSE {
  if { $flag eq 0 }{
      HTTP::header insert "Set-Cookie"  "MyCookie=MyValue;path=/"
  }
  unset flag
}