Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

iRule When HTTP Response Behavior

I'm trying to do a thing where if the F5 detects that the pool does not have active members, it will redirect the users to a specific URL but in addition it will also delete a session cookie.

I learnt from another question here on DevCentral that the HTTP::cookie remove needs to be used in the HTTP Response section for it to remove cookies from the user's browser.

So the question is, would the HTTP::respond command triggered from the iRule also trigger the when HTTP_RESPONSE section of the same iRule?

when HTTP_REQUEST {
  ...
  if { [active_members http_pool] = 0 } {
    HTTP::respond 302 noserver location "https://www.mywebsite.com"
    set pool_status "nomember"
  }
}

when HTTP_RESPONSE {
  if { $pool_status eq "nomember" } {
    HTTP::cookie remove "sessionID"
  }
}
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

The remove command will remove the cookie from the response, not ask the client to remove it from it’s cache...

To remove a cookie from client cache, you must set an expiration time before current time... the best practice is to set it to 1970!

when HTTP_REQUEST {
  ...
  if { [active_members http_pool] = 0 } {
    HTTP::respond 302 noserver location "https://www.mywebsite.com" Set-Cookie "sessionID=path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT"
  }
}
1
Comments on this Answer
Comment made 1 week ago by adam88 114

Nice! I looked up on the Wiki and did some extensive Googling and it does seem like this is the only way - to set the cookie to 1 Jan 1970. Couldn't find the exact syntax to set the cookie expiry in the HTTP:respond line until I saw your message.

My current iRule actually sets a session cookie by not specifying an expiry time, and I see on the Developer Mode of the browser that the cookie expiry is actualy 1969 which apparently is equal to -1 of UNIX time - and this doesn't actually delete the cookie from the browser.

I guess setting it to 1 Jan 1970 is the way to make the -1 become 0 and cause the browser to delete the cookie. Thanks for the line - I'll try this out!

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

There is an example of how to do this at: https://devcentral.f5.com/wiki/iRules.HTTP__respond.ashx.

0
Comments on this Answer
Comment made 1 week ago by Jie 2722

You can set the cookie value to an empty value, effectively removing that cookie from the user's browser.

0
Comment made 1 week ago by adam88 114

Okay so I see that the Wiki page says that the when HTTP_RESPONSE portion will not be triggered if I do a HTTP::respond under the HTTP Request section.

From Wiki: The BIG-IP will send the response as soon as the current iRule event completes, so you cannot alter the response in other HTTP iRule events.

So it looks like the only way is to set a cookie with the same name but with some other data.

Any idea how to set the Cookie expiry in the HTTP:respond line?

0