Environment cookies

If the mapping is configured to send environment cookies to the back-end, Airlock Microgateway adds the cookies in the table below to each back-end request.

To enable this setting in Airlock Microgateway, configure the DSL setting env_cookies to true.

 apps:  
  - virtual_host:  
      name: example
      ... 
    mappings:  
      - name: example
        entry_path:  
          value: /
        env_cookies: true

The values of the environment cookies are percent-encoded (URL encoded). The back-end must decode the values.

Table: Various basic cookies

Cookie Name

Example Value (decoded)

Description

AL_ENV_CONNECTION_ID

fPAA<...>2PCV

a unique ID for the front-end TCP connection

AL_ENV_HTTPS

on

indicates whether the request was sent encrypted

AL_ENV_MATCHING_IP_LISTS

MyIpList_16,TI:Spam Server

All IP Address Lists that have matched the client IP address, regardless of whether this was a whitelisting or blacklisting rule. The names of the matching lists are comma-separated and percent-encoded. Lists obtained through the Webroot threat intelligence service are prefixed with "TI:".

AL_ENV_REMOTE_ADDR

168.192.1.123

the IP address of the client

AL_ENV_REQUEST_ID

D79v<...>AABb

a unique request ID.

AL_ENV_ROLES

role1:600:28732,role2:300:532

the roles of the current session, with the remaining role idle timeout and the remaining role lifetime (in seconds). The value none (without remaining idle timeout/lifetime) is used if there are no roles.

AL_ENV_SESSION_ID

a83e5<...>f4db3

a unique session ID. The value none is used if there is no session ID.

AL_ENV_SESSION_TIMINGINFO

600:28651

the remaining session idle timeout and the remaining session lifetime (in seconds)

AL_ENV_SERVER_ADDR

10.1.0.56

the IP address of the virtual host that received the request

AL_ENV_SERVER_NAME

myappl.example.com

the virtual hostname that received the request

AL_ENV_SERVER_PORT

443

the port number that received the request

AL_ENV_SERVER_PROTOCOL

HTTP/1.1

the protocol name and version of the request, e.g. HTTP/0.9, HTTP/1.0, HTTP/1.1, HTTP/2.0

AL_ENV_SERVER_REQUEST

/applpath/show.do

the path of the request

AL_ENV_SERVER_REQUEST_QUERY

firstname=Markus&lastname=M%C3%BCller

the query string of the request.

This cookie is only sent in one-shot-requests.

AL_ENV_SESSION_TERMINATION_REASON

IdleTimeout

or

ClientFingerprinting: TOTAL_PENALTY_POINTS=800

an explanatory string on the reason why a session has ended.

Possible values are "IdleTimeout","LifetimeExceeded", "ThreadHandling", "ControlAPI", "ClientFingerprinting".

Additional arguments may be added to the value in the form of <key>=<value> pairs delimited by a colon (:). In case of "ClientFingerprinting" the total reached penalty points, leading to termination of the session, is appended as "TOTAL_PENALTY_POINTS=<INT>".

This cookie is only sent in logout propagation requests.

AL_ENV_WAF_VERSION

7.2.0

Airlock Gateway version string in the format:
"<MAJOR>.<MINOR>.<MAINTENANCE>"
where MAJOR, MINOR and MAINTENANCE are sequences of digits.

Table: Geolocation cookies

Cookie Name

Example Value (decoded)

Description

AL_ENV_GEOIP_CONTINENT

EU

the continent code of the request origin. The continent codes are listed in the description of the Geolocation redirect request action. This cookie is only sent if GeoIP information is available.

AL_ENV_GEOIP_COUNTRY

CH

the country code of the request origin. The country codes correspond to the Alpha-2 codes in the ISO 3166-1 standard. This cookie is only sent if GeoIP information is available.

AL_ENV_GEOIP_LATITUDE

47.3667

the approximate latitude of the request origin. This cookie is only sent if GeoIP information is available.

AL_ENV_GEOIP_LONGITUDE

8.55

the approximate longitude of the request origin. This cookie is only sent if GeoIP information is available.

Table: Values regarding encrypted front-end connections

Cookie Name

Example Value (decoded)

Description

AL_ENV_SSL_CIPHER

ECDHE-RSA-AES256-GCM-SHA384

the SSL/TLS cipher used for HTTPS

AL_ENV_SSL_PROTOCOL

TLSv1.2

the encryption protocol used for HTTPS, e.g. TLSv1, TLSv1.1, TLSv1.2, TLSv1.3

AL_ENV_SSL_SESSION_ID

58ad1<...>4584b

the unique SSL/TLS session ID

Table: Values regarding client certificates

Cookie Name

Example Value (decoded)

Description

AL_ENV_SSL_CLIENT_CERT

-----BEGIN CERTIFICATE-----<...>4B==

the client certificate in PEM format, containing newlines (\n)

AL_ENV_SSL_CLIENT_I_DN

CN=CA,OU=CertDepartment,O=TrustMe<...>

the client certificate issuer distinguished name (*)

AL_ENV_SSL_CLIENT_M_SERIAL

518

the serial number of the client certificate

AL_ENV_SSL_CLIENT_M_VERSION

1

the version number of the client certificate

AL_ENV_SSL_CLIENT_S_DN

CN=Bob,OU=Airlock,O=Ergon<...>

the client certificate subject distinguished name (*)

AL_ENV_SSL_CLIENT_V_START

Oct 16 11:48:41 2013 GMT

the client certificate validity start date

AL_ENV_SSL_CLIENT_V_END

Oct 29 05:20:25 2016 GMT

the client certificate validity end date