For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Luca_55898's avatar
Luca_55898
Icon for Nimbostratus rankNimbostratus
Aug 26, 2012

Performance(HTTP) Profile - cookie persistence

Hi,

 

I have a customer who is doing their own SSL encryption on their servers. So on our LTM I enabled a Performance(HTTP) VS and also enabled cookie persistence.

 

When I checked my broswer (firefox) I noticed that I was not getting a cookie from the LTM. Cookies from the BIGIP device look like BIGipServervs-............. But when looking at the site behind this VS there are none.

 

Is this something to do with the site doing their own SSL?

 

 

config
design

3 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Aug 27, 2012
    Hi Luca,

     

     

    Can you list the virtual server configuration and reply with the anonymized output (tmsh list ltm virtual MY_VS)? Are

     

     

    For reference, here is the list of profiles that each virtual server type supports:

     

     

    sol12272: Overview of virtual server types for BIG-IP version 10.x

     

    https://support.f5.com/kb/en-us/solutions/public/12000/200/sol12272.html

     

     

    Aaron
  • Nate_7016's avatar
    Nate_7016
    Historic F5 Account
    Aug 29, 2012
    In order to use cookie persistence the LTM has to decrypt the data so it would need the SSL key and cert. It could decrypt and re-encrypt and pass to the server if needed.

     

     

    The reason for this is that with SSL the data (HTML) is encrypted so it's not possible for the LTM to insert a cookie.
  • Nate_7016's avatar
    Nate_7016
    Historic F5 Account
    Aug 29, 2012
    Let me clarify - the LTM can't insert a cookie into encrypted data. Therefore, without the key/cert cookie persistence will notwork with HTTPS.