Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Jan 22, 2026

AppWorld DC Booth Kiosk Generator

Welcome to AppWorld, community! You may or may not be with us in person, but you can watch this thread for iRules that are either generated or described by the Distributed Cloud AI Assistant.
application delivery
dc kiosk
irules
JimmyPackets's avatar
JimmyPackets
Icon for Cirrus rankCirrus
Mar 11, 2026

iRule Explanation - from the iRules Toolbox

Source: cookie_encryption_gateway.txt

when CLIENT_ACCEPTED priority 500 {
  # Exposed passphrase, but this key can be synchronized to the peer LTM
  set PASSPHRASE "secret"
  # Private passphrase, but it isn't synchronized.  On LTM failover to
  # its peer, applications relying on the encrypted cookies will break.
  # set passphrase [AES::key]
}
when HTTP_REQUEST priority 500 {
  foreach { cookieName } [HTTP::cookie names] {
    HTTP::cookie decrypt $cookieName $PASSPHRASE
  }
}
when HTTP_RESPONSE priority 500 {
  foreach { cookieName } [HTTP::cookie names] {
    HTTP::cookie encrypt $cookieName $PASSPHRASE
  }
}

Explanation (generated by F5 Distributed Cloud AI Assistant):


Objective
• Define a shared passphrase on connection setup.
• Decrypt all HTTP cookies arriving from clients.
• Encrypt all HTTP cookies sent back in responses.
• Ensure backend sees plaintext cookies while clients store encrypted ones.

Execution Flow
• when CLIENT_ACCEPTED priority 500
– set PASSPHRASE "secret" establishes a cookie encryption key per connection (see set command docs).
• when HTTP_REQUEST priority 500
– [HTTP::cookie names] returns all cookie names.
– HTTP::cookie decrypt $cookieName $PASSPHRASE decrypts each cookie before passing to the server.
• when HTTP_RESPONSE priority 500
– [HTTP::cookie names] again lists all cookies (including newly set ones).
– HTTP::cookie encrypt $cookieName $PASSPHRASE encrypts each cookie before sending to the client.


Overall summary: This iRule transparently decrypts client cookies for internal use and re-encrypts them on the way back, using a static passphrase initialized at connection time.
F5, Inc. ("F5") disclaims all liability in connection with any output generated by the AI Assistant ("Output") or use thereof, including without limitation any negative business impact caused by your use of Output to administer, direct, configure or control the operation and functioning of any F5 products. Output is provided "as is" without any warranties of any kind.