For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Bryan_Lehr_1032's avatar
Bryan_Lehr_1032
Icon for Nimbostratus rankNimbostratus
Nov 29, 2006

Cookies and ASM

Hello,     I am trying to send a cookie directly to a pool w/o ASM inspection. The cookie name changes which prohibits me from simply adding it to allowed cookies. The name is "ASPSESSIONID*****...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Nov 30, 2006
Hello,

 

 

It looks like you have a case open with support on this. I'd suggest working with them and then posting the results here once you guys figure it out.

 

 

The current behavior you're seeing is expected: if you are using an HTTP class to filter requests which contain the cookie and App Security is disabled on the class, every request with that cookie will be sent directly to the pool.

 

 

The ability to define a modified domain cookie using a regular expression has been requested in CR47126. I've attached your case to the request to have this feature built in a future version.

 

 

There are a few options for how to work around this in 9.2.3. I think it would be good to work with support to determine the best approach.

 

 

Thanks,

 

Aaron