Forum Discussion

Altostratus

Oct 26, 2024

Enhancing Web Server Security via F5 Cookie Hash Exposure

I have a suggestion to improve web server security against CSRF attacks by leveraging the F5 load balancer's persistence cookie. Overview: - Current Functionality: F5 creates a persistence co...

CSRF Prevention

security

zamroni777

MVP

Oct 26, 2024

you can extract the client side f5 persistence cookie from http request then add it into custom http request header on server side using irules or local traffic policy.
i think the reason it is not default right now is backend web/app servers might not expect such extra request header/cookie and might treat such requests as faulty application requests.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Enhancing Web Server Security via F5 Cookie Hash Exposure

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Mitigating OWASP API Security Risk: Excessive Data Exposure using F5 BIG-IP

Quarterly Security Notification October 2025

Mitigating OWASP API Security Risk: Excessive Data Exposure using F5 XC Platform

Enhance your Application Security using Client-side signals

Enhancing BIG-IP with F5 Distributed Cloud: Automated Service Discovery for Scalable Application Delivery and Security

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS