For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Siva_107534's avatar
Siva_107534
Icon for Nimbostratus rankNimbostratus
Dec 28, 2009

How to encrypt the cookies generated by LTM?

Hi All,   How to encrypt the cookie information generated by LTM in the browser, becoz   by default cookies in the browser displays the Internal Pool IP of web servers   accessed...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 11, 2010
A couple of other points I forgot:

 

 

If you use HTTP::collect you should limit the collection to the first 1Mb of payload, else you risk triggering a TMM core. See SOL6578 for details:

 

 

SOL6578: TMM will crash if an iRule collects more than 4MB of data

 

http://support.f5.com/kb/en-us/solutions/public/6000/500/sol6578.html

 

 

And you could probably break out the payload rewriting functionality to a separate iRule as it wouldn't conflict with the cookie encryption.

 

 

Lastly, you could replace the payload collection with a stream profile and STREAM::expression iRule. The stream option should be more efficient than the payload collection. For examples of the stream option, you can check the STREAM::expression wiki page:

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/stream__expression

 

 

Aaron