Forum Discussion
Leslie_South_55
Nimbostratus
NimbostratusEncrypt the BIGip cookie + cookie insert
I have found some good examples of encrypting cookies with an iRule, but from what I read (if I am reading it correctly) it does not seem that anyone is encrypting the cookie inserted by the BIGIP itself? I use cookie_insert for persistence and a recent vulnerability assessment noted that the node and port number can be easily obtained by decoding the cookie value. Is it possible for me to encrypt the cookie that the BIGIP is inserting?
-L
hoolioCirrostratus
The BIG-IP persistence cookie should be set before the default priority HTTP_RESPONSE event, so you should be able to use HTTP::cookie encrypt to encrypt it. You'd need to decrypt it in the request so it could be read for load selection.
Aaron- If you have 9.4 or later releases, you can specify the cookie name to be encrypted/decrypted in the GUI; no rules needed.
- Can we really manipulate the LTM-set cookie via iRules?
I thought we might be able to do so in HTTP_REQUEST_SEND, but traditionally we've been unable to affect LTM-set headers.
/deb - hoolioI've set the domain on a persistence cookie before. I haven't tried modifying the persistence cookie on the request though. I would have assumed it would be possible...?
Aaron - Sounds like it, given your experience.
Didn't realize we could do that without rolling our own cookie. Good to know, thanks!
/deb
