Environment cookies

If the mapping is configured to send environment cookies to the back-end, Airlock Microgateway adds the cookies in the table below to each back-end request.

To enable this setting in Airlock Microgateway, configure the DSL setting env_cookies to true.

 apps:  
  - virtual_host:  
      name: example
      ... 
    mappings:  
      - name: example
        entry_path:  
          value: /
        env_cookies: true

The values of the environment cookies are percent-encoded (URL encoded). The back-end must decode the values.

Cookie Name
Example Value (decoded)
Description
AL_ENV_CONNECTION_ID
fPAA<...>2PCV
a unique ID for the front-end TCP connection
AL_ENV_HTTPS
on
indicates whether the request was sent encrypted
AL_ENV_MATCHING_IP_LISTS
MyIpList_16,TI:Spam Server
All IP Address Lists that have matched the client IP address, regardless of whether this was a whitelisting or blacklisting rule. The names of the matching lists are comma-separated and percent-encoded. Lists obtained through the Webroot threat intelligence service are prefixed with "TI:".
AL_ENV_REMOTE_ADDR
168.192.1.123
the IP address of the client
AL_ENV_REQUEST_ID
D79v<...>AABb
a unique request ID.
AL_ENV_ROLES
role1:600:28732,role2:300:532
the roles of the current session, with the remaining role idle timeout and the remaining role lifetime (in seconds). The value none (without remaining idle timeout/lifetime) is used if there are no roles.
AL_ENV_SESSION_ID
a83e5<...>f4db3
a unique session ID. The value none is used if there is no session ID.
AL_ENV_SESSION_TIMINGINFO
600:28651
the remaining session idle timeout and the remaining session lifetime (in seconds)
AL_ENV_SERVER_ADDR
10.1.0.56
the IP address of the virtual host that received the request
AL_ENV_SERVER_NAME
myappl.example.com
the virtual hostname that received the request
AL_ENV_SERVER_PORT
443
the port number that received the request
AL_ENV_SERVER_PROTOCOL
HTTP/1.1
the protocol name and version of the request, e.g. HTTP/0.9, HTTP/1.0, HTTP/1.1, HTTP/2.0
AL_ENV_SERVER_REQUEST
/applpath/show.do
the path of the request
AL_ENV_SERVER_REQUEST_QUERY
firstname=Markus&lastname=M%C3%BCller
the query string of the request.
This cookie is only sent in one-shot-requests.
AL_ENV_SESSION_TERMINATION_REASON
IdleTimeout
or
ClientFingerprinting: TOTAL_PENALTY_POINTS=800
an explanatory string on the reason why a session has ended.
Possible values are "IdleTimeout","LifetimeExceeded", "ThreadHandling", "ControlAPI", "ClientFingerprinting".
Additional arguments may be added to the value in the form of <key>=<value> pairs delimited by a colon (:). In case of "ClientFingerprinting" the total reached penalty points, leading to termination of the session, is appended as "TOTAL_PENALTY_POINTS=<INT>".
This cookie is only sent in logout propagation requests.
AL_ENV_WAF_VERSION
7.2.0
Airlock Gateway version string in the format:
"<MAJOR>.<MINOR>.<MAINTENANCE>"
where MAJOR, MINOR and MAINTENANCE are sequences of digits.
Table 3: Various basic cookies
Cookie Name
Example Value (decoded)
Description
AL_ENV_GEOIP_CONTINENT
EU
the continent code of the request origin. The continent codes are listed in the description of the Geolocation redirect request action. This cookie is only sent if GeoIP information is available.
AL_ENV_GEOIP_COUNTRY
CH
the country code of the request origin. The country codes correspond to the Alpha-2 codes in the ISO 3166-1 standard. This cookie is only sent if GeoIP information is available.
AL_ENV_GEOIP_LATITUDE
47.3667
the approximate latitude of the request origin. This cookie is only sent if GeoIP information is available.
AL_ENV_GEOIP_LONGITUDE
8.55
the approximate longitude of the request origin. This cookie is only sent if GeoIP information is available.
Table 4: Geolocation cookies
Cookie Name
Example Value (decoded)
Description
AL_ENV_SSL_CIPHER
ECDHE-RSA-AES256-GCM-SHA384
the SSL/TLS cipher used for HTTPS
AL_ENV_SSL_PROTOCOL
TLSv1.2
the encryption protocol used for HTTPS, e.g. TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
AL_ENV_SSL_SESSION_ID
58ad1<...>4584b
the unique SSL/TLS session ID
Table 5: Values regarding encrypted front-end connections
Cookie Name
Example Value (decoded)
Description
AL_ENV_SSL_CLIENT_CERT
-----BEGIN CERTIFICATE-----<...>4B==
the client certificate in PEM format, containing newlines (\n)
AL_ENV_SSL_CLIENT_I_DN
CN=CA,OU=CertDepartment,O=TrustMe<...>
the client certificate issuer distinguished name (*)
AL_ENV_SSL_CLIENT_M_SERIAL
518
the serial number of the client certificate
AL_ENV_SSL_CLIENT_M_VERSION
1
the version number of the client certificate
AL_ENV_SSL_CLIENT_S_DN
CN=Bob,OU=Airlock,O=Ergon<...>
the client certificate subject distinguished name (*)
AL_ENV_SSL_CLIENT_V_START
Oct 16 11:48:41 2013 GMT
the client certificate validity start date
AL_ENV_SSL_CLIENT_V_END
Oct 29 05:20:25 2016 GMT
the client certificate validity end date
Table 6: Values regarding client certificates