Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Help with 11.4+ Local Traffic Policies, cookie domain mangling.

Hello. I know I can do this with an iRule - but I was hoping someone could tell me how (or if) I can do this using the new local traffic policies instead.

Briefly - I am trying to rewrite response to the client as follows:

client: GET / Host: www.example1.com

server will respond: Set-Cookie: JSESSIONID=blah; path=/

we want to change this to: Set-Cookie: JSESSIONID=blah; path=/; domain=.example1.com

... maybe I'm totally on the wrong track. I was trying with local traffic policies but couldn't figure out how to grab the domain of the host header to use to overwrite the (unset) domain portion of the response cookie. So I was content trying to just do the equivalent of if/ elsif / depending on the domain. ie: Host: www.example1.com add domain=.example1.com to the JSESSIONID returned, and so on.

Wile I can easily set a cookie or overwrite a cookie completely conditionally based on Host value - I couldn't find a way to preserve the rest of the contents while only modifying the domain.

Should I use iRules for this still? Or is there a built in primitive to do this already?

Thanks so much in advance!

0
Rate this Question
Comments on this Question
Comment made 19-Sep-2013 by Antonio Varni 129
Also - are there any good in depth tutorials and/or reference info in local traffic policies? I've read everything I could find and only seen very cursory information. Is there even a devcentral collection of policy rules?
0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I'd always try to have the app admin fix the app's problem first.

Short of that, this might help you:

https://devcentral.f5.com/wiki/irules.HTTP__cookie.ashx
0
Comments on this Answer
Comment made 19-Sep-2013 by Antonio Varni 129
Thanks - I'm trying to avoid using an irule if possible.. This setup involves 4 back-end applications proxying various parts of each other to each other, with a somewhat complex ssl configuration front end. The java application server cannot dynamically set it's own cookie's domain without hacking the source. We actually have this set up using on a netscaler and are migrating it to the F5.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You can use 'domain' in context of HTTP_REQUEST to get the relevant domain information from [HTTP::host] and store it in a variable. Now you can parse the webservers response in context of HTTP_RESPONSE for the specific cookie, get it´s value, append the path information, delete the previous cookie and re-insert it.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

The following code will do the job:

when HTTP_REQUEST {

    set domaininfo [domain [HTTP::host] 2]
}

when HTTP_RESPONSE {

    if {[HTTP::cookie exists JSESSIONID]} {
        set sidvalue [HTTP::cookie JSESSIONID]
        HTTP::cookie remove JSESSIONID
        HTTP::cookie insert name JSESSIONID value $sidvalue domain $domaininfo

    }
}

But I used 'domain' instead of using 'path' to manipulate the cookie string.

Image Text

0