Encrypt the name or rename the AVR cookies

Question

Hello folks:&nbsp;I have some virtual servers which have the analytics profile enabled, so I am able to collect statistics of the traffic passing through such vs. However, after performing an Ethical Hacking procedure in my infrastructure, I was requested to rename the cookies that AVR uses such us: f5_cspm=; f5avrbbbbbbbbbbbbbbbb=; f5avrbbbbbbbbbbbbbbbb or encrypt their names. Such names are visible to attackers so I need them to be changed to some less F5-descriptive ones. Here https://devcentral.f5.com/s/question/0D51T00006i7k1N/how-to-rename-cspm-cookie-name there is only the process to rename the f5_cspm cookie.  F5 says that the other cookies that start with f5avr cannot be renamed. How could achieve this requirement?&nbsp;Thanks&nbsp;

andrew-f5 · Answer

https://support.f5.com/csp/article/K14815

◘ You cannot modify a cookie name that is set by the AVR module.

◘ Beginning in BIG-IP 11.4.0, the cookie is also encrypted and should be considered safe by security scanning devices.

zev · Answer

You can most definitely use similar logic as the article points out:&nbsp;modify sys db avr.cookieprefix value "my new avr prefix"&nbsp;It is not controlled by the AVR module.

Forum Discussion

Encrypt the name or rename the AVR cookies

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Encrypting Cookies

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Cookie Encryption

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS