For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Melinda_60516's avatar
Melinda_60516
Icon for Nimbostratus rankNimbostratus
Jun 05, 2015

how to setup persistence to concatenate jvmRoute with JSESSIONID to generate final SESSIONID

Hi, Can anyone help with how to setup persistence for a request as below:   We are going to be setting a "jvmRoute" variable in tomcat, and need to configure the F5 load balancer to concatenate it...
riyer_206339's avatar
riyer_206339
Icon for Nimbostratus rankNimbostratus
Mar 15, 2017

Hi Winston,

I was referring to this KB to encode the pool member information.

https://support.f5.com/csp/article/K23254150

IPv4
BIGipServer=..0000

IPv6
BIGipServer=.

During security audit we found out that our member pool information were in 'plain text' so we had to encrypt the Cookie.

Regards, Ram

  • sirwinston's avatar
    sirwinston
    Icon for Nimbostratus rankNimbostratus
    Mar 15, 2017

    But in your post you pasted an irule that has nothing to do with LTM cookie persistency. Instead it is about jsessionid persistency which happens to use a cookie as well.

     

    If you use LTM's own cookie persistency it makes sense to use cookie encryption since it contains sensitive ip information. If you use jsessionid persistency encryption does not make sense (to me).