Forum Discussion

Phil_53695's avatar
Icon for Nimbostratus rankNimbostratus
Oct 05, 2011

removing bigip and value on an encrypted cookie?

Currently when I setup an encrypted cookie via an irule and then go to view it using the development tool. Its shows me the pool name and the value if you use a simple python script can decode the backend node as well.



For instance



NAME BIGipxxxxx_xxxxvirtual_net_pool


VALUE 1950516234.20480.0000






EXPIRES At the end of the Session



How do I get the VALUE to change ans strip away any BIG info and the pool info?


It may not be a big threat but other shops that run F5 do not show this info.



Thanks for any insight. I have tried both encrypted methods of setting up a persistence cookie and a http profile and also an irule I found in the forum.




5 Replies

  • Hi Phil,



    You can create a custom cookie insert profile with the cookie name customized. The name of the pool would then not be used in the cookie name. You can then create a custom HTTP profile with the cookie name set in the cookie to encrypt field.



  • When you say that you have tried both encrypted methods did you mean the following?:



    An overview of BIG-IP Cookie encryption is here:



    Things to be aware of when doing so are here (Basically don't use any "." or "-" or any other strange characters in the Cookie Name):



  • Thanks for the reply. I have read through the article and can indeed see the cookie name but for some reason even after clearing my cache and cookies the other one remains when I view cookies using the developers tools. My goal is to get rid of the Name that has the BIGipServer info which shows the pool and also the value that can a python script can show the internal node. Perhaps I am just missing a step.
  • [root@iris:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       ip protocol tcp
       persist mycookie
       profiles {
          myhttp {}
          tcp {}
    [root@iris:Active] config  b profile mycookie list
    profile persist mycookie {
       defaults from cookie
       mode cookie
       cookie name "mycookie"
    [root@iris:Active] config  b profile myhttp list
    profile http myhttp {
       defaults from http
       cookie secret "secret"
       encrypt cookies "mycookie"
    [root@iris:Active] config  curl -I
    HTTP/1.1 200 OK
    Date: Thu, 06 Oct 2011 14:14:42 GMT
    Server: Apache/2.0.59 (rPath)
    Last-Modified: Sat, 11 Jun 2011 00:31:47 GMT
    ETag: "667a-67-cfb682c0"
    Accept-Ranges: bytes
    Content-Length: 103
    Vary: Accept-Encoding
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: mycookie=ndCgP4r0y+1wxKUyfZlwh06Tobn5uo67AB2+wxP6RC8UO34hJ3/7237cm9JzcdRwbjH6+YmuOyRgGYc=; path=/