Forum Discussion

Phil_53695's avatar
Phil_53695
Icon for Nimbostratus rankNimbostratus
Oct 05, 2011

removing bigip and value on an encrypted cookie?

Currently when I setup an encrypted cookie via an irule and then go to view it using the development tool. Its shows me the pool name and the value if you use a simple python script can decode the backend node as well.

 

 

For instance

 

 

NAME BIGipxxxxx_xxxxvirtual_net_pool

 

VALUE 1950516234.20480.0000

 

DOMAIN 10.xxx.xx.xx

 

PATH /

 

EXPIRES At the end of the Session

 

 

How do I get the VALUE to change ans strip away any BIG info and the pool info?

 

It may not be a big threat but other shops that run F5 do not show this info.

 

 

Thanks for any insight. I have tried both encrypted methods of setting up a persistence cookie and a http profile and also an irule I found in the forum.

 

 

 

application delivery
dev
devops
iRules
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Oct 05, 2011
    Hi Phil,

     

     

    You can create a custom cookie insert profile with the cookie name customized. The name of the pool would then not be used in the cookie name. You can then create a custom HTTP profile with the cookie name set in the cookie to encrypt field.

     

     

    Aaron
  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Oct 05, 2011
    When you say that you have tried both encrypted methods did you mean the following?:

     

     

    An overview of BIG-IP Cookie encryption is here: http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7784.html

     

     

    Things to be aware of when doing so are here (Basically don't use any "." or "-" or any other strange characters in the Cookie Name): http://support.f5.com/kb/en-us/solutions/public/12000/400/sol12472.html

     

     

  • Phil_53695's avatar
    Phil_53695
    Icon for Nimbostratus rankNimbostratus
    Oct 06, 2011
    Thanks for the reply. I have read through the article and can indeed see the cookie name but for some reason even after clearing my cache and cookies the other one remains when I view cookies using the developers tools. My goal is to get rid of the Name that has the BIGipServer info which shows the pool and also the value that can a python script can show the internal node. Perhaps I am just missing a step.
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Oct 06, 2011
    [root@iris:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.17.33:http
   ip protocol tcp
   persist mycookie
   profiles {
      myhttp {}
      tcp {}
   }
}
[root@iris:Active] config  b profile mycookie list
profile persist mycookie {
   defaults from cookie
   mode cookie
   cookie name "mycookie"
}
[root@iris:Active] config  b profile myhttp list
profile http myhttp {
   defaults from http
   cookie secret "secret"
   encrypt cookies "mycookie"
}

[root@iris:Active] config  curl -I http://172.28.17.33
HTTP/1.1 200 OK
Date: Thu, 06 Oct 2011 14:14:42 GMT
Server: Apache/2.0.59 (rPath)
Last-Modified: Sat, 11 Jun 2011 00:31:47 GMT
ETag: "667a-67-cfb682c0"
Accept-Ranges: bytes
Content-Length: 103
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Set-Cookie: mycookie=ndCgP4r0y+1wxKUyfZlwh06Tobn5uo67AB2+wxP6RC8UO34hJ3/7237cm9JzcdRwbjH6+YmuOyRgGYc=; path=/