cookie insert

Question

So if I use the default F5 cookie, it names it like: 
&nbsp;  
&nbsp; BIGipServerMYPOOLNAME 
&nbsp;  
&nbsp; That's cool, but as a requirement from our infosec department, they want me to rename the cookie and encrypt it.  Which is fine, but we have a lot of web sites.  So I am wondering if i need to create one cookie profile per web site, or if there is a way to add a prefix to the end of the cookie like the default one. 
&nbsp;  
&nbsp; for example, could i create a new cookie, name it 
&nbsp;  
&nbsp; blah and have the f5 add the pool name to the end?  Or do I just need to create one cookie profile per site?

the_bhattman · Answer

I don't think you can alter BIGipServer. However, here is an forumn post that talks about it 
&nbsp; http://devcentral.f5.com/Default.aspx?tabid=53&amp;forumid=5&amp;postid=30710&amp;view=topic 
&nbsp;  
&nbsp; I hope this helps 
&nbsp;  
&nbsp; Bhattman

hoolio · Answer

Yes, the default cookie name is BIGipServer.  As far as I'm aware, you cannot modify the default cookie name prefix.   
&nbsp;  
&nbsp; If you set the cookie name to a custom one in a custom cookie insert persistence profile, LTM will use that explicitly for all cookies inserted.  It won't be modified to anything else based on which pool a request is load balanced to.  So if you want to customise the cookie name, you'd want to do this either with a custom cookie profile for each VIP (assuming one pool per VIP) or using an iRule.  You can specify in a custom HTTP profile a cookie name to encrypt/decrypt the value for.  You could also do the cookie encryption in an iRule. 
&nbsp;  
&nbsp; If you go the iRule route and want help, reply here for suggestions. 
&nbsp;  
&nbsp; Aaron

the_bhattman · Answer

You could also open a ticket with F5 for a feature enhancement in their next OS upgrades. 
&nbsp;  
&nbsp; Bhattman

Forum Discussion

cookie insert

3 Replies

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

How to Verify config before loading to F5

Related Content

Strict header Insertion

Security Headers Insertion

Cookie-based DDoS protection

Insert App Cookies In Http Redirect

2. SYN Cookie: Operation