Removal of Client Side F5 Persistence Pool Cookie

Question

I am seeing the F5 persistence pool cookies showing on the client side browser when viewing via inspection tools:BIGipServer~application~po*I would like to remove these so the pools are not exposed to viewers of the website. I assigned the following rule to the VIP but it does not appear to be clearing these out:&nbsp;when HTTP_RESPONSE_RELEASE {
set cookies [HTTP::cookie names]
foreach aCookie $cookies {
if {$aCookie matches_regex {^BIGipServer(?:[0-9a-fA-F]{6,8})(?:$|_[0-9]+$)}} {
# Remove ASM Cookies
HTTP::cookie remove $aCookie
}
}
}&nbsp;

ismael_goncalves · Accepted Answer

This is exactly how Cookie Persistence method works and if you remove the cookie you break the functionality. There are alternative cookie persistence methods you might consider. Check them below:
Overview of cookie persistence (f5.com)
In addition to it, I recommend you to enable encryption on your current cookie persistence method. This will prevent&nbsp; malicious users to revert the value of the cookie into IP address of your pool member.&nbsp;

Forum Discussion

Removal of Client Side F5 Persistence Pool Cookie

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Akamai True-Client-IP Header Persistence

Decoding the IPv4 address from the persistence cookie

Remove Quotation marks

iRule based RADIUS Client Stack

Remove subnet from NAT pools without any impact