0

I'm trying to use Citrix Netscaler to check for the existence of a specific cookie. It seems like it should be straightforward but I've had no success so far.

Specifically, I want to check for the cookie's existence in a Responder Policy and, if the cookie is not found, redirect the user to a specific page. A JavaScript script on that page will then create the cookie so that the redirect will not be triggered on the next visit. The idea is to redirect the user to a page with a message, but only once within the expiry of the cookie.

I'm comfortable with setting up Responder Polices and Actions but havent been able to get the cookie check to work as desired. I can see in Firefox developer view that the cookie is created as expected.

I'm working with a Netscaler MPX with version 10.5

I searched extensively but had no luck finding an answer that works, or at least that I understand and can apply. I also searched on the Citrix Netscaler community and read through the NS documentation.

The closest approach I was able to come up with so far is something like 

!HTTP.REQ.COOKIE.CONTAINS("myCookie")

which I had expected would see the presence of the cookie and not fire the policy due to the !. I tried with .NOT and the end of the statement instead of the ! but had no luck.

I tested that the cookies are being read by using

HTTP.REQ.COOKIE.LENGTH < or > some arbitray value

and I can see that it is properly evaluated and the logic works as expected. According to the documentation HTTP.REQ.COOKIE returns a Name/Value List with the contents of the HTTP Cookie header, so I expected .CONTAINS to evaluate to true if the cookie name was found. This doesn't seem to be the case.

the Tin Man
  • 158,662
  • 42
  • 215
  • 303
Scott C
  • 1
  • 1
  • 3
  • It's difficult to help without any idea where you've searched or what you've tried. Providing suggestions without that information entails writing a tutorial which is off-topic. Please read "[ask]" and "[mcve]", and provide us more information. – the Tin Man Aug 16 '16 at 23:11
  • I have identified the problem and wanted to update it here in case anyone else is having the same issue. The correct syntax for what I wanted to do turns out to be HTTP.REQ.COOKIE.NAMES.CONTAINS("MyCookie").NOT. I had tried this to no avail. It turns out that netscaler is not reading all of the cookies and the COOKIE.NAMES string only contains the first five or six cookies. I have tracked this down to the Web Application Firewall. With the WAF disabled everything works as expected. I'll be looking into the settings and/or opening a ticket with Citrix on this issue. Hope this is helpful. – Scott C Aug 17 '16 at 22:52
  • 1
    Please format the question for readability as it's currently very difficult to read which reduces its quality and value. If you found information that solves the problem then create an answer and select it when SO times-out the wait period. You don't need to tag sections in your text ("Additional information"). You can use `---` for a horizontal bar, but it's best to incorporate the information where you would have initially. – the Tin Man Aug 17 '16 at 23:05

2 Answers2

2

I know this is too late to reply. But this may help someone with similar query.

HTTP.REQ.COOKIE.NAMES.CONTAINS_ELEMENT("myCookie").NOT

is the expression you would be looking for. This returns true if the cookie is not present.

HTTP.REQ.COOKIE.NAMES is a list of cookie names present in the HTTP Request. HTTP.REQ.COOKIE.NAMES.CONTAINS_ELEMENT("myCookie") returns true if mycookie is present. exact string match (EQ) is preformed instead of pattern match (CONTAINS).

Vaishnavi V
  • 21
  • 4
0

I think the closest that you can get is to check for the length of value of that cookie. Try using

HTTP.REQ.HEADER(\"myCookie\").LENGTH >1
jmd_dk
  • 12,125
  • 9
  • 63
  • 94
Guna.K
  • 1
  • 1