Lorenzo_55525
Oct 08, 2012

LTM v10.2 Remove HttpOnly from cookie

Hi All,

I need help removing "HttpOnly" from a cookie.

I have the cookie below and I would like to remove HttpOnly from it.

    Set-Cookie: JSESSIONID=PppHQh1V51nRpcH0QJJNsldV0sjLcFKzndTd2PhGMKNp20nHprzd!1975339553; path=/; HttpOnly

I tried a stream profile, with no success.

Here is the code of the stream profile:

    profile stream stream_http_only {
       defaults from stream
       source "HttpOnly"
       target none
    }

I also tried the iRule below, but again with no success.

    when HTTP_RESPONSE {
       # Check if there are any Set-Cookie headers
       if {[HTTP::header exists "Set-Cookie"]}{
          # Loop through each Set-Cookie header and remove the HttpOnly option
          foreach a_set_cookie_value [HTTP::header values "Set-Cookie"] {
             log local0. "[IP::client_addr]:[TCP::client_port]: Current Set-Cookie value: [HTTP::header value $a_set_cookie_value], \
             updated value [string map -nocase {HttpOnly ""} [HTTP::header value $a_set_cookie_value]]"
             HTTP::header replace Set-Cookie [string map -nocase {HttpOnly ""} [HTTP::header value $a_set_cookie_value]]
          }
       }
    }

The log from this iRule is:

    Oct 4 12:07:10 local/tmm info tmm[4931]: Rule irule_rem_http_only : 10.130.102.92:44306: Current Set-Cookie value: , updated value
    Oct 4 12:07:10 local/tmm info tmm[4931]: Rule irule_rem_http_only : 10.130.102.92:44306: Current Set-Cookie value: , updated value

Please help me.

3 Replies

  • Can you try something like this?

    [root@ve10:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:80
       ip protocol 6
       rules myrule
       profiles {
          http {}
          tcp {}
       }
    }
    [root@ve10:Active] config  b rule myrule list
    rule myrule {
       when HTTP_RESPONSE {
       if {[HTTP::header exists "Set-Cookie"]}{
          foreach a_set_cookie_value [HTTP::header values "Set-Cookie"] {
             log local0. "[IP::client_addr]:[TCP::client_port]: Current Set-Cookie value: $a_set_cookie_value, \
             updated value [string map -nocase {"; HttpOnly" ""} $a_set_cookie_value]"
             HTTP::header replace "Set-Cookie" [string map -nocase {"; HttpOnly" ""} $a_set_cookie_value]
          }
       }
     }
    }
    
     on client
    
    [root@centos251 ~] curl -I http://172.28.19.79
    HTTP/1.1 200 OK
    Date: Mon, 08 Oct 2012 16:59:12 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
    ETag: "4183e4-3e-9c564780"
    Accept-Ranges: bytes
    Content-Length: 62
    Set-Cookie: JSESSIONID=PppHQh1V51nRpcH0QJJNsldV0sjLcFKzndTd2PhGMKNp20nHprzd!1975339553; path=/
    Connection: close
    Content-Type: text/html; charset=UTF-8
    
     on bigip
    
    [root@ve10:Active] config  tail -f /var/log/ltm
    Oct  9 00:42:41 local/tmm info tmm[31087]: Rule myrule : 172.28.19.251:42446: Current Set-Cookie value: JSESSIONID=PppHQh1V51nRpcH0QJJNsldV0sjLcFKzndTd2PhGMKNp20nHprzd!1975339553; path=/; HttpOnly,  updated value JSESSIONID=PppHQh1V51nRpcH0QJJNsldV0sjLcFKzndTd2PhGMKNp20nHprzd!1975339553; path=/
    
    
  • Nice work Nitass. Note that you can do this natively on v11:

    v11 Additions/Changes:

    HTTP::cookie httponly <name> [enable|disable]

    Aaron
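
A variant of the iRule approach above, added here as an example and not written by anyone in this thread: it strips HttpOnly only from the cookie named in `target` (assumed to be JSESSIONID, as in the question) and rebuilds every Set-Cookie header, so a response carrying several cookies keeps the others, and their HttpOnly flags, unchanged. It also tolerates different spacing or case around the attribute.

```tcl
when HTTP_RESPONSE {
    # Assumption: JSESSIONID (from the question) is the only cookie that
    # client-side script needs to read; every other cookie keeps HttpOnly.
    set target "JSESSIONID"

    if { ![HTTP::header exists "Set-Cookie"] } { return }

    # Snapshot all Set-Cookie values before modifying any header.
    set original  [HTTP::header values "Set-Cookie"]
    set rewritten [list]
    set changed   0

    foreach c $original {
        # Cookie names are case-sensitive, so match the name exactly.
        if { [string match "${target}=*" [string trimleft $c]] } {
            # Remove the attribute regardless of case or spacing, whether it
            # is the last attribute or followed by another one.
            if { [regsub -all -nocase {;\s*HttpOnly\s*(;|$)} $c {\1} c] } {
                set changed 1
                log local0. "[IP::client_addr]:[TCP::client_port]: HttpOnly removed from $target"
            }
        }
        lappend rewritten $c
    }

    # Rewrite the headers only when something changed: drop every
    # Set-Cookie header, then re-insert each value in its original order.
    if { $changed } {
        HTTP::header remove "Set-Cookie"
        foreach c $rewritten {
            HTTP::header insert "Set-Cookie" $c
        }
    }
}
```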