Forum Discussion

Doran_Lum_13484
Apr 04, 2018

encrypted cookie values

Hi all, during our security scan we found our published service to be displaying cookie values as in the 1st screenshot. I have followed https://support.f5.com/csp/article/K14784 but it seems we still see the Set-Cookie value. Am I missing something here?

 

Security Scan results:

 

http profile configuration:

 

1 Reply

  • Hello,

     

    We agree that in the "Encrypt Cookies" field you enter the exact name of the cookie? I have the impression that the name of the cookie entered in the field does not correspond to the captures seen...

     

    Last point: this feature allows you to encrypt an application cookie and not a cookie generated by F5.

     

    If you want to encrypt an F5 cookie (persistence profile), you have to do it in the cookie persistence profile (Local Traffic ›› Profiles : Persistence ›› cookie-Encryption-Required).

     

    Regards
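
The two checks from the reply, as an added example that is not part of the thread or F5 code: it sorts the Set-Cookie headers from a scan into cookies governed by the HTTP profile's "Encrypt Cookies" field (exact name match) and BIG-IP persistence cookies governed by the persistence profile. The `BIGipServer` name prefix and the `<digits>.<digits>.0000` value shape are assumptions taken from F5's default cookie persistence format; the function names and sample data are constructed.

```python
import re

# Assumption (F5 default cookie persistence, not stated in the thread): the
# cookie is named BIGipServer<pool> and an unencrypted value has the shape
# <digits>.<digits>.0000
F5_PREFIX = "BIGipServer"
F5_PLAIN_VALUE = re.compile(r"^\d+\.\d+\.0000$")


def parse_set_cookie(header):
    """Return (name, value) from one Set-Cookie header value."""
    pair = header.split(";", 1)[0]          # drop Path, HttpOnly, ...
    name, _, value = pair.partition("=")    # the value may itself contain '='
    return name.strip(), value.strip()


def audit(set_cookie_headers, encrypt_cookies_field):
    """Map each cookie name to the setting that governs its encryption."""
    findings = {}
    lowered = {n.lower(): n for n in encrypt_cookies_field}
    for header in set_cookie_headers:
        name, value = parse_set_cookie(header)
        if name.startswith(F5_PREFIX):
            # Generated by BIG-IP: the HTTP profile field does not apply.
            plain = bool(F5_PLAIN_VALUE.match(value))
            findings[name] = ("persistence profile: value is unencrypted" if plain
                              else "persistence profile: value not in plain format")
        elif name in encrypt_cookies_field:
            findings[name] = "http profile: name listed in Encrypt Cookies"
        elif name.lower() in lowered:
            findings[name] = ("http profile: listed as %r, not an exact match"
                              % lowered[name.lower()])
        else:
            findings[name] = "http profile: name not listed in Encrypt Cookies"
    return findings


# Constructed sample: headers as a scanner might report them.
SAMPLE_HEADERS = [
    "JSESSIONID=8A1F3C; Path=/; HttpOnly",
    "BIGipServerpool_web=335544330.20480.0000; path=/",
    "AppPrefs=lang%3Den; Path=/",
]
SAMPLE_FIELD = ["jsessionid"]  # constructed: what was typed into the field

if __name__ == "__main__":
    for cookie, verdict in audit(SAMPLE_HEADERS, SAMPLE_FIELD).items():
        print(f"{cookie}: {verdict}")
```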