Forum Discussion
What_Lies_Bene1
Feb 04, 2013Cirrostratus
Create a custom HTTP profile based on whatever you currently use: Local Traffic > Profiles > Services > HTTP
You'll find two fields, one to enter the name of Cookies you want to encrypt the other to enter a passphrase used for the encryption and decryption (plus a verify field I think). Fill these in as appropriate and apply the profile to your VS.
I advice you test thoroughly before doing this in a production environment. Note cookie encryption tends to break Java applications if you encrypt any SessionID cookies.
Also note that this doesn't prevent spoofing, you could copy the cookie to another machine and it would still be valid and accepted by the F5.