16-Feb-2023 14:24
I am seeing the F5 persistence pool cookies showing on the client side browser when viewing via inspection tools:
BIGipServer~application~po*
I would like to remove these so the pools are not exposed to viewers of the website. I assigned the following rule to the VIP but it does not appear to be clearing these out:
when HTTP_RESPONSE_RELEASE {
set cookies [HTTP::cookie names]
foreach aCookie $cookies {
if {$aCookie matches_regex {^BIGipServer(?:[0-9a-fA-F]{6,8})(?:$|_[0-9]+$)}} {
# Remove ASM Cookies
HTTP::cookie remove $aCookie
}
}
}
Solved! Go to Solution.
16-Feb-2023 14:47
This is exactly how Cookie Persistence method works and if you remove the cookie you break the functionality. There are alternative cookie persistence methods you might consider. Check them below:
Overview of cookie persistence (f5.com)
In addition to it, I recommend you to enable encryption on your current cookie persistence method. This will prevent malicious users to revert the value of the cookie into IP address of your pool member.
16-Feb-2023 14:47
This is exactly how Cookie Persistence method works and if you remove the cookie you break the functionality. There are alternative cookie persistence methods you might consider. Check them below:
Overview of cookie persistence (f5.com)
In addition to it, I recommend you to enable encryption on your current cookie persistence method. This will prevent malicious users to revert the value of the cookie into IP address of your pool member.