Forum Discussion

Cirrus

Oct 12, 2023

F5 LTM cookie persistence encryption issue

folks, what is the default behaviour when cookie encrytion enabled, set to required. we know the client->F5 cookie is encrypted, how about F5->server?. i could see the cookie is decrypted in the cap...

application delivery

security

Mohamed_Ahmed_Kansoh

MVP

Hi Prakin ,

You can try the prefered option , it means bigip accepts both encrypted and decrypted cookies.

I have another question :
is this virtual server has ( 2 IPs " 10.10.10.10 & 20.20.20.20 " ) you created it by address list ??!
I need more clarification here , you can draw your flow as well and show me.

Prakin

Cirrus

Oct 13, 2023

sorry my bad, the flow would as below.

client - > F5 VIP(1.1.1.1) -> webserver (10.10.10.10, 20.20.20.20) -> kong -> F5 VIP(1.1.1.1) -> application server (10.10.10.10, 20.20.20.20).

kong -> F5 VIP(1.1.1.1) : this is where the cookie is seen unencypted and and F5 is expecitng encrypted cookie. so it can't find, thus its treating as new connection and load balanced to new server.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 LTM cookie persistence encryption issue

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Encrypting Cookies

Cookie Encryption

Decoding the IPv4 address from the persistence cookie

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS