For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Gus_Thompson_11's avatar
Gus_Thompson_11
Icon for Nimbostratus rankNimbostratus
Oct 29, 2007

Cookie Persistence iRule help

Greetings,     I’m in desperate need of a solution for “Cookie Insert” persistence. I have worked with F5 support for over a month now, and still have not been able to resolve our issues. So, ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 30, 2007

Posted By dennypayne on 10/29/2007 2:57 PM

 

 

EDIT: and I have not had issues with "match across" in a regular LTM environment using cookies, as long as it is set up as I described. That CR seems to only reference ASM?

 

 

Denny

 

 

 

I had a case open on this with two or three CR's associated with it. I guess I got the wrong one for "match across" functionality for LTM only. In 9.4.0, I believe the GUI still showed the options for Match Across for cookie insert support, but they didn't work. In 9.4.2, the options have been removed altogether.

 

 

Searching through my old notes, I couldn't find the case number for "match across" functionality for LTM cookie insert persistence. Anyone happen to know it?

 

 

Gus,

 

 

The example rule I added can be modified to support server-side SSL. You'd need to add a server SSL profile to the virtual server and disable port translation. Then the logic would be to disable server SSL (using 'SSL::disable serverside' in the CLIENT_ACCEPTED event) for requests made to HTTP ports. I can try updating the rule at some point this week to do this.

 

 

Also, if upgrading to 9.3 isn't an option for you at the moment, it looks like LB::status was added to 9.1.x in BIGIP-9.1.2 Hotfix4 per the wiki (Click here). Of course, upgrading to 9.3 would be a much better option as it includes more fixes than HF4 for 9.1.2.

 

 

Aaron