Forum Discussion
Albert__Tase_70
Nimbostratus
Nimbostratususing an Irule to strip off the cookie info for sceurity reasons
is there a way using an Irule to use cookie insert but not to include the pool name and ip address of the server ? i know the f5 uses this info for its way of doing the persistance. I have bene looking at cookie sanitize but there is very little info on this option.
thanks
AL Tase
4 Replies
- Is setting cookie name in the persistence profile not enough for your use?
Albert__Tase_70problem is need to strip off the default that the f5 puts in the cookie do not know if applying cookie name in the profile would do this?
the f5 by default adds bigip pool name and address
I need the bigip and poolname striped off and also the address stripped any ideas if the by assigning the cookie name in the porfile would accomplish this that would be assume I will test it
thanks
Al Tase
Andy_Herrman_22So your problem isn't with the name of the cookie but the contents of it?
I've seen some people talk about encrypting the cookie using some iRule magic, but I'm not sure if that works on the cookie used for cookie persistence profiles, but you could always switch to universal persistence and do the cookie insertion/encryption manually.- You can specify an alternate persistence cookie name in the persistence profile, but you can't just remove the hash of the serverIP and port from the persistence cookie since that's what LTM uses to find the correct server.
You can definitely encrypt the cookie value on the way out, though, and decrypt it on the way in.
Here's a good start on that option. I think you'd just need to replace the cookie name with your persistence cookie name: Click here
(http://devcentral.f5.com/wiki/default.aspx/iRules/EncryptingCookie.html)
HTH
/deb
