It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Web Security Agent

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Firewall Policy Manager

Cloud-to-Cloud Backup

Server Backup (Yosemite)

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup

MSP – Partner Management

MSP Knowledgebase

MSP – Partner Sales Enablement

NextGen Firewall X

Campus Help Center / Reference

Support Services

Network Security

Barracuda Web Application Firewall

Overview Documentation Training Certification Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Web Security Agent

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Firewall Policy Manager

Cloud-to-Cloud Backup

Server Backup (Yosemite)

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup

MSP – Partner Management

MSP Knowledgebase

MSP – Partner Sales Enablement

NextGen Firewall X

Campus Help Center / Reference

Support Services

Network Security

Login Sign Up Contact & Support

United States – English (GMT-5)

Back to Knowledgebase

How can I rewrite the cookie path set by the backend web server on a Barracuda Web Application Firewall?

Type: Knowledgebase
Date changed: 2 years ago

Solution #00006228

Scope:
This solution applies to all Barracuda Web Application Firewall 460 and above models.

Answer:
We have to configure a response rewrite rule on WAF to achieve this.

The Response rewrite rule should have this form:

Rule Name: change_cookie_path
Sequence Number: 1
Action: Rewrite Header
Header Name: Set-Cookie
Old Value = (.)*Path=/xxx(.)*
Rewrite Value: $1Path=/ext-prefix/xxx$2
Rewrite Condition: *

Important note:

The $1 in rewrite condition will replace first occurrence of (.)* in the old value.
The $2 in rewrite condition will replace second occurrence of (.)* in the old value.
The ext-prefix value is the external URL that we need to add when cookie is going out of WAF

Example:
Set cookie done by the server: Set-Cookie: jsessionid=testing path=/xxx/dir1/

Set cookie sent by WAF after rewriting: Set-Cookie: jsessionid=testing path=/ext-prefix/xxx/dir1/

Link to this page:
https://campus.barracuda.com/solution/501600000013Le7AAE

Additional Resources

More

Print Share Page