10-13-2010 11:42 AM
I am trying to upgrade my ACE Modules from A2(1.3) to A2(3.2) . Unfortunately, the cookie parsing breaks when there are illegal characters and causes a connection reset (RST) when there is an invalid cookie, but only on code later than A2(1.3).
The cookie in question is being passed by a third party so making them change the cookie is not necessarily do-able. The cookie has the following value:
Cookie: CurrentUser={"UserKey":{"Key":"anonymous"},"LastUpdated":"10/13/2010 1:35:52 PM"}
We are using the following parameter map:
parameter-map type http CASE_PARAM
case-insensitive
persistence-rebalance
set header-maxparse-length 20480
length-exceed continue
On the older code, the request is passed on to the server.
Is there a setting similar to "length-exceed continue" that I can give the ACE to tell it to ignore cookies it cannot parse?
10-14-2010 01:12 AM
Do you have HTTP inspection configured ? If yes, you need to remove it.
Does your serverfarm has a 'class-default' ? if not you need to create one so that it can handle parse errors.
Gilles.
10-14-2010 09:12 AM
HTTP inspection is not enabled.
Did you mean adding a class-default to the policy-map?
Adding it to the policy-map does make it match the class-default. Unfortunately, cookie parse errors result in the inability to parse both the cookie and the host header as well. It seems that rather than just failing to parse the cookie and being unable to do sticky matching - it completely fails the entire header parsing.
Here's our setup:
rserver host test1
ip address 192.168.1.101
inservice
rserver host test2
ip address 192.168.1.102
inservice
rserver host test3
ip address 192.168.1.103
inservice
rserver host test4
ip address 192.168.1.104
inservice
serverfarm host auto
probe HTTP-diagnostic
rserver test1
inservice
rserver test2
inservice
serverfarm host news
probe HTTP-diagnostic
rserver test3
inservice
rserver test4
inservice
sticky http-cookie autoCookie auto-cookie
cookie insert browser-expire
replicate sticky
serverfarm auto
sticky http-cookie newsCookie news-cookie
cookie insert browser-expire
replicate sticky
serverfarm news
class-map type http loadbalance match-any auto
2 match http header Host header-value "www.auto.local"
3 match http header Host header-value "auto.local"
class-map type http loadbalance match-any news
2 match http header Host header-value "www.news.local"
3 match http header Host header-value "news.local"
class-map match-all prod_VIP
2 match virtual-address XXX.XXX.XXX.XXX tcp eq www
policy-map type loadbalance first-match prod_POLICY
class auto
sticky-serverfarm auto-cookie
class news
sticky-serverfarm news-cookie
class class-default
sticky-serverfarm auto-cookie
policy-map multi-match aggregate-slb-apps
class prod_VIP
loadbalance vip inservice
loadbalance policy prod_POLICY
loadbalance vip icmp-reply active
loadbalance vip advertise
appl-parameter http advanced-options CASE_PARAM
10-15-2010 01:38 AM
Under the class-default configure a simple serverfarm.
When there is a parse error, ace falls back to L4 mode so it stops parsing and just tries to do a normal loadbalancing operation if one is available.
What has changed in later version is that now the "," is considered as a cookie separator (as defined in RFC).
Therefore, the cookie is splitted in 2 at the coma and the part following the coma is considered invalid.
If possible, try to change the cookie on the server since this cookie is illegal per RFC anyway.
Gilles
02-23-2011 10:58 AM
Bringing back up an old thread, but it looks like A2 (3.3) has a fix for this.
Will cookie-error-ignore fix my issue here?
03-16-2017 09:54 AM
very helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide