Forum Discussion

Bryan_Lehr_1032's avatar
Bryan_Lehr_1032
Icon for Nimbostratus rankNimbostratus
Nov 29, 2006

Cookies and ASM

Hello,

 

 

I am trying to send a cookie directly to a pool w/o ASM inspection. The cookie name changes which prohibits me from simply adding it to allowed cookies. The name is "ASPSESSIONID********" where * denotes a random alphabet character.

 

 

I am experimenting with both an iRule and an HTTP Class Profile to simply forward it.

 

 

With the profile I am using a

 

match on cookie and regex - (?i)(ASPSESSIONID)([A-Z]{8}$) - this is latest syntax I am struggling with, it just seems to hate everything I try.

 

 

Not any better with iRule either, struggling with syntax and use of regex etc.

 

 

Any helpful responses greatly appreciated. Thanks a million!

 

 

application delivery
dev
devops
iRules

2 Replies

Sort By
  • Bryan_Lehr_1032's avatar
    Bryan_Lehr_1032
    Icon for Nimbostratus rankNimbostratus
    Nov 29, 2006
    Hello,

     

     

    This is working but not as expected, this is the second in a stack of 4 profiles, the first 2 match static content w/o application security and the next 2 match on URI with Application Security.

     

     

    What seems to be happening is once this cookie is picked up, it consistently matches the second profile and you are now free of the ASM's constraints.

     

     

    Suggestions? Looks like an iRule is needed.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Nov 30, 2006
    Hello,

     

     

    It looks like you have a case open with support on this. I'd suggest working with them and then posting the results here once you guys figure it out.

     

     

    The current behavior you're seeing is expected: if you are using an HTTP class to filter requests which contain the cookie and App Security is disabled on the class, every request with that cookie will be sent directly to the pool.

     

     

    The ability to define a modified domain cookie using a regular expression has been requested in CR47126. I've attached your case to the request to have this feature built in a future version.

     

     

    There are a few options for how to work around this in 9.2.3. I think it would be good to work with support to determine the best approach.

     

     

    Thanks,

     

    Aaron