For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rookief5_79098's avatar
rookief5_79098
Icon for Nimbostratus rankNimbostratus
Aug 27, 2010

iRule for application cookie with LTM and APM

Hello     I wonder if anyone can help. I work for a company that has just acquired some LTMs and APM module.     I have a web application that I intend to protect with APM.     We w...
application delivery
dev
devops
iRules
N_65943's avatar
N_65943
Icon for Nimbostratus rankNimbostratus
Sep 05, 2010
Hi

 

 

I have a similar requirement. At first, I thought I could use Cookie Remove - but that would probably break the session/app and not possible.

 

 

We then tried to look at maybe using the F5 to encrypt the cookie, thus securing it on the client.

 

 

However, the customer is quite sure they want it to not reside on the client at all! Therefore needing some way to use a session table + cookie "store".

 

 

Since we're looking at APM we we're thinking MRHsession cookie...

 

 

The requirement is that the two cookies from the app, one is used for Authenticaton has been accepted (so APM for example can use that in the HTTP SSO Creds for successful Auth) and the other contains something quite specific for the application...

 

 

... which is to control the session timeout of that user.

 

 

So... I think our require is like yours James.

 

 

Colin - any ideas here?

 

 

Seems to be stretching the reverse proxy function somewhat...