For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Siva_107534's avatar
Siva_107534
Icon for Nimbostratus rankNimbostratus
Dec 28, 2009

How to encrypt the cookies generated by LTM?

Hi All,   How to encrypt the cookie information generated by LTM in the browser, becoz   by default cookies in the browser displays the Internal Pool IP of web servers   accessed...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 11, 2010
So the encryption/decryption looks to be working in your logs. Did you get the runtime TCL error "cant read cookie: no such variable while executing HTTP::cookie value $cookie" on every request which wasn't persisted correctly? Or did that just occur when you first added the iRule?

 

 

If the encryption is working, but you're still seeing persistence failures (client request going to a server which doesn't have a session for the client), I'd guess it's due to multiple clients making requests over the same TCP connection. This can happen when users connect to the same site through a proxy. You can fix this issue by adding a OneConnect profile to the virtual server. If you're using SNAT you can use a source mask of 0.0.0.0 on the OneConnect profile. If you're not using SNAT, create a custom OneConnect profile with a source mask of 255.255.255.255. You can check this page for details on OneConnect:

 

 

http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/oneconnect.html

 

 

Aaron