Cookie based routing for Application Load Balancer

Question

Currently I can do routing based on HTTP headers, but am wondering if I can do routing based on a key/value i put into the cookie.  
  
https://aws.amazon.com/blogs/aws/new-advanced-request-routing-for-aws-application-load-balancers/  
  
According the the cookie example in this link, i can match based on a header cookie value "user=jeff".  
  
Then running

```
curl --cookie "user=jeff" http://TestALB-156468799.elb.amazonaws.com
```

Works. But in the real-world, cookie values are often modified or added to. For example:

```
curl --cookie "user=jeff;JESSIONID=sdf12321" http://TestALB-156468799.elb.amazonaws.com
```

Now my ALB rule does not match anymore. Am I missing something here?

Answer

This suggestion works, but some web clients may add a space between the semicolon and the next cookie.

```
"a=1; user=jeff"
```

So the wildcard rules should be something like this, since you can only have a max of 5 rules:

```
IF (all match)
Http header...
cookie
is *user=jeff;*
or user=jeff;*
or *user=jeff;
or *user=jeff;*
```

There has to be a simpler way to accomplish this.

Answer

Hi,   
 One last try, and I think I covered all of the test cases and I have just verified using the ALB.  
I created an Application Load Balancer and create the following rules:

```
IF (all match)
Http header...
cookie
is user=jeff
or user=jeff;*
or *;user=jeff
or *;user=jeff;*

For the THEN
1. Return fixed response...
Response code: 200
Content-type: text/plain
Response body: "Yay it worked"
```

I then launched Postman and tried different values for the cookies

```
Here are the successful 200 use cases:
user=jeff     - 200
user=jeff;JESSIONID=sdf12321    - 200
dog=cat;user=jeff;bird=mouse   -  200

Here are the failed 503 use cases:
user=jeff1  - 503
abuser=jeff - 503
cat=mouse;user=jeff bird=mouse - 503 (missing semicolon)
```

Hope this helps,  
-randy

Answer

or operator will mean it still matches with user=jeff1.  
  
Thanks anyway!  
  
Edited by: mkonecny84 on Sep 24, 2019 5:42 PM

Answer

Hi,  
To fulfill that specific requirement, you could have the rule ID set up as follows:

```
IF (all match)
Http header...
cookie
is user=jeff
or user=jeff;
or user=jeff
```

-randy

Answer

HI Randy, thanks for your help.  
  
This looks useful, but it would also match with user=jeff1.  
  
Ideally AWS supports key/value cookie parsing, but I might still be able to use this.

Answer

Hi,  
I have verified this works on an Application Load Balancer.  
The Http Header rules allow wild cards.  If the KEY value is "cookie", the VALUE should be changed:

```
from:
 user=jeff
to:
 *user=jeff*

This will allow your cookie to have values, such as:
  dog=cat;user=jeff;JSESSIONID=sdf12321
and this will still route to the same location when the cookie was just set to user=jeff.
```

Here is the link that describes the comparison string supporting the wildcards:

```
To add an HTTP header condition, choose Add condition, Http header. Type the name of the header and add one or more comparison strings. To save the condition, choose the checkmark icon.

The maximum size of each header name is 40 characters, the header name is case-insensitive, and wildcards are not supported. The maximum size of each comparison string is 128 characters and the following wildcard characters are supported: * and ?. The comparison is case-insensitive.
```

Hope this helps!  
-randy

Answer

Strange, this simple one also works as expected

```
Host is example.com
Http header cookie is *name=true*
```

Cookie based routing for Application Load Balancer

관련 콘텐츠