Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE A2(2.3) and Set-Cookie header rewrite not working

Hello,

I am trying to append "; secure; HttpOnly" string to Set-Cookie headers.

I can append to Server header but Set-Cookie is not modified by ACE!

action-list type modify http set-cookie-security
  header rewrite response Set-Cookie header-value "(.*)" replace "%1; secure; HttpOnly"
  header rewrite response Server header-value "(.*)" replace "%1; FD Core"

I am also using cookie sticky:

sticky http-cookie SERVER10 help.opsett.invalid-443
  cookie insert browser-expire
  serverfarm help.oppsett.invalid-443

The Server header modification is not needed, but here so I am convinced I have the right syntax.

Is rewriting Set-Cookie responses possible?

--

Kai

3 REPLIES
Cisco Employee

Re: ACE A2(2.3) and Set-Cookie header rewrite not working

You can't modify the set-cookie inserted by the ACE itself if that's what you're trying to do.

Gilles.

New Member

Re: ACE A2(2.3) and Set-Cookie header rewrite not working

No, it is not needed to modify ACE generated cookie.

Unfortunately the code shown does not modify server generated Set-Cookie headers either (action 1).

It modifies the server generated Server -header (action 2).

Kai

Cisco Employee

Re: ACE A2(2.3) and Set-Cookie header rewrite not working

I set this up in the lab and it works, there would be 2 Set-Cookie headers in the response one for the ace inserted cookie and the second for the server cookie. the server cookie is rewritten.

Is the server doing the set-cookie in the response to the first request of the tcp connection or in response to a subsequent request ? if it is in a response to a request other than the first request then you would need a parameter map (http) configured with "header modify per-request"

packet capture would be useful if not https.

1031
Views
0
Helpful
3
Replies