Nik
Aug 15, 2014

asm application security policy cookie

I'm just getting started with ASM and when creating an application security policy I've noticed that there's a new cookie injected into all HTTP responses, for example:

Set-Cookie: TS01bf46b0=01e02e1a4b9a87f8a0befad67c4b362104780eaffa6c9a782f84ea35f7b17c134954a639857fd90575e95454f7baff327824d811d3; Path=/

This causes a complication with CDNs that sit in front of some of my applications as (by default) they do not cache responses containing cookies. While I can manually work around this I'd prefer to find out more about this cookie and remove it if needed. Could anyone help out?

6 Replies

  • nathe

    Nick. You'll need an iRule. http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13693.html

  • I added that to the iRule associated with the VIP with no luck - the ASM cookie doesn't show up in the response cookies.

  • nathe

    My understanding is the ASM will re-add the token on the response from ASM to client. Does it not? I'd have to check my lab to confirm though. Does it successfully remove the cookie from the ASM to server?

  • client --> asm --> server (not sure) server --> asm --> client (cookie exists)

    I'll need to look at the backend server to see if it's receiving the cookie but I doubt it's the server sending the cookie.

  • nathe

    With that iRule I would expect the flow to be:

    client (TS cookie) --> asm --> server (no TS cookie), server (no TS cookie) --> asm --> client (new TS cookie)

  • That seems right with the adjustment of the first step - the client doesn't necessarily have a cookie already - if I do a fresh curl I'll get a TS cookie back from ASM.
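
The replies above leave open whether the backend or ASM sets the TS cookie; comparing response headers captured on each side of ASM settles it. The sketch below is an added example, not part of the original thread: the header captures are constructed, and the TS name pattern is an assumption based on the sample cookie in the first post.

```python
import re

# Assumption: ASM cookie names look like the sample in the post ("TS" + hex digits).
TS_NAME = re.compile(r"^TS[0-9a-fA-F]{6,}$")

# Constructed captures: the same response as seen behind and in front of ASM.
SERVER_SIDE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=constructed; Path=/; HttpOnly\r\n"
    "\r\n"
)
CLIENT_SIDE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=constructed; Path=/; HttpOnly\r\n"
    "Set-Cookie: TS01bf46b0=0123abcd; Path=/\r\n"
    "\r\n"
)

def set_cookie_names(raw_headers):
    """Return the cookie names set by a raw HTTP response header block."""
    names = []
    for line in raw_headers.splitlines()[1:]:    # skip the status line
        if not line:
            break                                 # blank line ends the headers
        field, _, value = line.partition(":")
        if field.strip().lower() == "set-cookie":
            # The cookie name is everything before the first "=" of the first pair.
            names.append(value.split(";", 1)[0].split("=", 1)[0].strip())
    return names

def locate_ts_cookie(server_side, client_side):
    """Compare captures from both sides of ASM and report who sets the TS cookie."""
    from_server = {n for n in set_cookie_names(server_side) if TS_NAME.match(n)}
    to_client = {n for n in set_cookie_names(client_side) if TS_NAME.match(n)}
    if to_client - from_server:
        return "asm"       # appears only after the response passes through ASM
    if from_server:
        return "server"    # already present before ASM saw the response
    return "absent"

if __name__ == "__main__":
    print(locate_ts_cookie(SERVER_SIDE, CLIENT_SIDE))
```
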