For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kevinmc's avatar
kevinmc
Icon for Altocumulus rankAltocumulus
Aug 24, 2017

Persistence iRule

Connections to a pool should use a non secure cookie persistence profile which I have created, unless they come from a specific list of IP addresses which need to use source address persistence   ...
application delivery
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Aug 24, 2017

Hi KevinMC,

I would recommend to use a Cookie-based persistence profile (including your desired settings) as the default profile on your Virtual Server and then use an iRule to overwrite this setting for just specific SRC-IPs...

when CLIENT_ACCEPTED { 
    if { [class match [IP::client_addr] equals addressrange] } then { 
        persist source_addr
    } else {
         Do nothing and keep the default persistence profile for this connection
    }
    pool SF-ECRPROD 
}

Cheers, Kai