sarlith_140589
Oct 08, 2014Nimbostratus
Cookie Encryption issue, lots of errors
Hello! My F5 event logs are filled with the following message, and I can't figure out why:
TCL error: /Common/CookieEnrcypt - list element in quotes followed by ":null" instead of space while executing "lsearch -all -inline [HTTP::cookie names] $static::ck_pattern"
I've searched through other threads and nothing seems similar enough to help me. I'm not super with coding but have been using F5 for six months or so. Here is the iRule generating the error...a simple script to encrypt our cookies I pulled from this site. It seems to be working okay, the cookies are encrypted, but my logs are slamming me hard. Any insight would be appreciated.
when RULE_INIT {
Cookie name prefix
set static::ck_pattern "BIGipServer*"
Log debug to /var/log/ltm? 1=yes, 0=no)
set static::ck_debug 0
Cookie encryption passphrase
Change this to a custom string!
set static::ck_pass "XXXXX"
}
when HTTP_REQUEST {
if {$static::ck_debug}{log local0. "Request cookie names: [HTTP::cookie names]"}
Check if the cookie names in the request match our string glob pattern
if {[set cookie_names [lsearch -all -inline [HTTP::cookie names] $static::ck_pattern]] ne ""}{
We have at least one match so loop through the cookie(s) by name
if {$static::ck_debug}{log local0. "Matching cookie names: [HTTP::cookie names]"}
foreach cookie_name $cookie_names {
Decrypt the cookie value and check if the decryption failed (null return value)
if {[HTTP::cookie decrypt $cookie_name $static::ck_pass] eq ""}{
Cookie wasn't encrypted, delete it
if {$static::ck_debug}{log local0. "Removing cookie as decryption failed for $cookie_name"}
HTTP::cookie remove $cookie_name
}
}
when RULE_INIT {
Cookie name prefix
set static::ck_pattern "BIGipServer*"
Log debug to /var/log/ltm? 1=yes, 0=no)
set static::ck_debug 0
Cookie encryption passphrase
set static::ck_pass "XXXXX"
}
when HTTP_REQUEST {
if {$static::ck_debug}{log local0. "Request cookie names: [HTTP::cookie names]"}
Check if the cookie names in the request match our string glob pattern
if {[set cookie_names [lsearch -all -inline [HTTP::cookie names] $static::ck_pattern]] ne ""}{
We have at least one match so loop through the cookie(s) by name
if {$static::ck_debug}{log local0. "Matching cookie names: [HTTP::cookie names]"}
foreach cookie_name $cookie_names {
Decrypt the cookie value and check if the decryption failed (null return value)
if {[HTTP::cookie decrypt $cookie_name $static::ck_pass] eq ""}{
Cookie wasn't encrypted, delete it
if {$static::ck_debug}{log local0. "Removing cookie as decryption failed for $cookie_name"}
HTTP::cookie remove $cookie_name
}
}
if {$static::ck_debug}{log local0. "Cookie header(s): [HTTP::header values Cookie]"}
}
}
when HTTP_RESPONSE {
if {$static::ck_debug}{log local0. "Response cookie names: [HTTP::cookie names]"}
Check if the cookie names in the request match our string glob pattern
if {[set cookie_names [lsearch -all -inline [HTTP::cookie names] $static::ck_pattern]] ne ""}{
We have at least one match so loop through the cookie(s) by name
if {$static::ck_debug}{log local0. "Matching cookie names: [HTTP::cookie names]"}
foreach cookie_name $cookie_names {
Encrypt the cookie value
HTTP::cookie encrypt $cookie_name $static::ck_pass
}
if {$static::ck_debug}{log local0. "Set-Cookie header(s): [HTTP::header values Set-Cookie]"}
}
}
}
}
when HTTP_RESPONSE {
Check if the cookie names in the request match our string glob pattern
if {[set cookie_names [lsearch -all -inline [HTTP::cookie names] $static::ck_pattern]] ne ""}{
We have at least one match so loop through the cookie(s) by name
foreach cookie_name $cookie_names {
Encrypt the cookie value
HTTP::cookie encrypt $cookie_name $static::ck_pass
}
}
}