Forum Discussion
Best Solution For Unencrypted Cookies
Unencrypted Cookies: The Hidden Gateway for Cyber Reconnaissance in F5 BIG-IP Systems.
Just want to ask the best solution.
1. Configuring cookie encryption within the HTTP profile :https://my.f5.com/manage/s/article/K14784
2. Configuring cookie encryption for BIG-IP persistence cookies from the cookie persistence profile :https://my.f5.com/manage/s/article/K23254150
If using HTTP profile. When applied to the virtual server. with HTTP Profile need to apply ?
1. HTTP Profile (Client)
2. HTTP Profile (Server)
But Currently, we using HTTP Profile(Client) for x-forwarded-for. Can we using HTTP Profile(Server)?
If using persistence cookies, we already have the default Persistence profile by "source_addr" so need to change to cookie encryption ?
What other solution to solve this?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com