Untitled

TCL error: Rule Enterprise_F5_Fix_with_E35-THD_cookie_encrypt HTTP_REQUEST - cant read cookie: no such variable while executing HTTP::cookie value $cookie


when CLIENT_ACCEPTED {
   # Define an AES encryption key. A 128 bit (or larger) key is recommended.
   # You can use a key generator, or create your own using only HEX characters.
   set aes_key "63544a5e7178677b45366b4140"

   # Name of the cookie to encrypt/decrypt
   set cookie "app_cookie"

   # Log debug messages to /var/log/ltm?  1=yes, 0=no.
   set cookie_encryption_debug 0
}
when HTTP_REQUEST {
   # If the error cookie exists with any value, for any requested object, try to decrypt it
   if {[string length [HTTP::cookie value $cookie]]}{

      if {$cookie_encryption_debug}{log local0. \
         "Original error cookie value: [HTTP::cookie value $cookie]"}

      # URI decode the value (catching any errors that occur when trying to
      # decode the cookie value and save the output to cookie_uri_decoded)
      if {not ([catch {URI::decode [HTTP::cookie value $cookie]} cookie_uri_decoded])}{

         # Log that the cookie was URI decoded
         if {$cookie_encryption_debug}{log local0. "\$cookie_uri_decoded was set successfully"}

         # Decrypt the value
         if {not ([catch {AES::decrypt $aes_key $cookie_uri_decoded} cookie_decrypted])}{

            # Log the decrypted cookie value
            if {$cookie_encryption_debug}{log local0. "\$cookie_decrypted: $cookie_decrypted"}
         } else {

            # URI decoded value couldn't be decrypted.
         }
      } else {
         # Cookie value couldn't be URI decoded
      }
   } else {
      # Cookie wasn't present in the request
   }
	if {[HTTP::uri] ends_with ".asmx?WSDL"}{
		set rewrite 1
		if { [HTTP::version] eq "1.1" } {
			HTTP::version "1.0"
		}
	} else {
		set rewrite 0
	}
	switch [getfield [string tolower [HTTP::uri]] "/" 2] {
	         appe21test {pool test.app_EE_20 }
                  appe21 { pool www.company.com_e20 }
                  appe30 { pool www.company.com_e30 }
                  appe30test { pool www.company.com_e30test }
                  se08q4 { pool www.company.com_08q4 }

              }
}
when HTTP_RESPONSE {
   # Check if response contains an error cookie with a value
   if {[string length [HTTP::cookie value $cookie]] > 0}{

      # Log the original error cookie value from the app
      if {$cookie_encryption_debug}{log local0. \
         "Response from app contained our cookie: [HTTP::cookie value $cookie]"}

      # Encrypt the cookie value so the client can't change the value
      HTTP::cookie value $cookie [URI::encode [AES::encrypt $aes_key [HTTP::cookie value $cookie]]]

      # Log the encoded and encrypted error cookie value
      if {$cookie_encryption_debug}{log local0. \
        "Encrypted error cookie to: [URI::encode [AES::encrypt $aes_key [HTTP::cookie value $cookie]]]"}
   }
	if {$rewrite == 1}{
		# collect payload for URI replacement
		if {[HTTP::header exists Content-Length]}{
			set clength [HTTP::header Content-Length]
		} else {
			set clength 4294967295
		}
		if { !($clength == 0) } {
			HTTP::collect $clength
		}
	}
}
when HTTP_RESPONSE_DATA {
	set payload [HTTP::payload]
	regsub -all {(<soap:address location=\")(http://)(.*?\.asmx)} $payload "\\1https://\\3" payload
	HTTP::payload replace 0 [HTTP::payload length] $payload
	HTTP::release
}