Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Using Trim to remove cookie whitespace

We are hitting an ASM violation for non-RFC compliant cookies in one app. Rather than allow all apps to use non-RFC compliant cookies (since it is a global setting) I would like to trim the space off the cookie, but having problems with the syntax. This is what I was thinking:

 when HTTP_RESPONSE {
  foreach cookie [HTTP::cookie names] {
  set cookievalue [string trim [HTTP::cookie value $cookie] " "]
  [HTTP::cookie delete name $cookie]
  [HTTP::cookie insert name $cookie value $cookievalue]
  log local0. "Succesfully trimmed cookie.  Cookie name: $cookie, new Cookie value: $cookievalue"
    }
  }

It does not seem to be trimming the white space though: new Cookie value: g4f2osqo3ovbvx2r4qhh3j55

0
Rate this Discussion
Comments on this Discussion
Comment made 01-Dec-2016 by Kai Wilke 7294

Hi T-Roy,

could you please post one of the malformated "Set-Cookie" header lines encapsulated in "" (quotes). This will help us to see where the whitespaces are sitting...

Cheers, Kai

0
Comment made 05-Dec-2016 by t-roy 66

I will get the logged info tomorrow. I am thinking a regex replace might be the easiest option for me though. Thanks!

0
Comment made 05-Dec-2016 by Kai Wilke 7294

Hi T-Roy,

TCL RegEX has compared to the various [string] commands a somewhat poor performance and should be avoided as much as possible.

Removing leading/trailing whitespaces is somewhat easy to implement even without using RegEx...

Cheers, Kai

1
Comment made 07-Dec-2016 by t-roy 66

Thanks, this was mostly just for testing, but I was able to remove the whitespace using syntax:

    foreach cookie [HTTP::cookie names] {
    [string trim [HTTP::cookie value] " "]
    }

I was trying to see if I stripped whitespace if the server would recognize the cookie (since the ASM was blocking the req with the space in there). The server set a new cookie, so testing was unsuccessful. I was able to unblock the request by:

when ASM_REQUEST_DONE {
foreach viol [ASM::violation names] {
#        log local0. "potentially blocked due to $viol"

I found the name of the violation that was blocking the application set cookie, then allowed it via:

    if {[ASM::violation names] == "VIOLATION_NOT_RFC_COOKIE"} { 
#         log local0. "Unblocked ASM violation [ASM::violation names]"
        ASM::unblock
    }
}
}

And of course asked the app owners to change the server's behavior to no longer set the non-RFC compliant cookie. I'm not holding my breath though.

0
Comment made 08-Dec-2016 by Kai Wilke 7294

Hi T-Roy,

your string trim syntax cant work, since you [string trim] your cookie values without inserting them back to the HTTP response.

Moreover I honestly belive that this syntax will result in a TCL exemption, since covering the [string trim] command in brackets will cause the TCL interpreter to simply execute the result as a TCL command.

Note: If you post one of the malformated cookies, then I'll do my best to write you a short iRule that will be able to format the cookie accordingly...

Cheers, Kai

0

Replies to this Discussion