Forum Discussion

ptate_72056's avatar
ptate_72056
Icon for Nimbostratus rankNimbostratus
Jan 23, 2009

Persistence cookies and security

Hi Everyone,

 

 

We've recently had a security audit reveal that the BigIP persistence cookie contains the IP address and the port of the node the user connected to.

 

 

I can see why this is required from a BigIP point of view but is there any way of securing this information, bar not using cookie-based persistence.

 

 

Many thanks in advance,

 

 

Phill
config
design
  • James_Quinby_46's avatar
    James_Quinby_46
    Historic F5 Account
    Jan 27, 2009
    What version of LTM code are you running? You may be able to encrypt cookies. See:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/EncryptingCookies.html