encrypted cookie values

Question

Hi all, during our security scan we found our published service to be displaying cookie values as in 1st screenshot. I have follow https://support.f5.com/csp/article/K14784 but it seems we still see the Set-Cookie value. Am I missing something here ?&nbsp;
Security Scan results:
&nbsp;
http profile configuration:
&nbsp;

youssef1 · Answer

Hello,&nbsp;
We are agree that in "Encrypt Cookies" Field you enter the exact name of the cookie?
I have the impression that the name of the cookie entered in the field does not correspond to the catches seen...&nbsp;
last point, this feature allows to encrypt an application cookie and not a cookie generated by F5.&nbsp;
If you want to encrypt F5 cookie (peristence profile) you have to do it in cookie peristence profile (Local Traffic  ››  Profiles : Persistence  ››  cookie-Encryption-Required).&nbsp;
Regards&nbsp;

Forum Discussion

encrypted cookie values

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

used trial license and takeout production license

irule help - pool command and ERR_RTE Routing problem

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Credentialed Scanning - F5OS - Rseries

F5 Big-IQ read-only API username creation.

Related Content

Encrypting Cookies

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Cookie Encryption

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS