Forum Discussion

waterfall_10467's avatar
waterfall_10467
Icon for Altostratus rankAltostratus
Nov 13, 2014

Removing Second Plain text Cookie

Hello There,

 

There are dmz and lan bigip devices in our company. Firstly clients request to dmz bigip's vip then it forwads the client to lan bigip's vip because lan bigip's vip has been configured as pool member on dmz bigip. And we want to configure cookie encryption on dmz bigip but when we do it at this time we see both dmz and lan bigip's cookies on fiddler. we have to do persistence on the lan bigip because internal users need to connect to lan bigip directly. in short, internal bigip's pliantext cookies musn't return to client side. and single encrypted cookie need to be seen on the fiddler which is returned by dmz bigip. How can we perform an irule for the issue.

 

Thank you in advance

 

1 Reply

  • A quick search here on DevCentral for 'irule cookie removal' should provide all you need, however...

     

    If the DMZ F5 only has one pool member (the inside F5's VS) then surely you don't need to configure persistence of any kind on that device as it is unnecessary? That being the case you only need to encrypt the cookie on the inside F5. You should be able to do that within a HTTP profile rather than resorting to an iRule.