Forum Discussion

dw_888_212625
Dec 01, 2015

to confirm if cookie is originated from F5 or other devices

How do we determine if the cookie is created by our setting in LTM or the cookie is created from other non-F5 devices?

 

4 Replies

  • The best way to be sure is to capture both sides of the connection via tcpdump and look for where the Set-Cookie header originated, but in general, cookie persistence is a cookie called BIGipServer (see here), ASM has TSxxx... (see here), and APM has a number of cookies that are listed here.

     

  • If we are using ASM with LTM, we noticed there is a cookie called TSxxx. We had an iRule in place for the HttpOnly and Secure flags, but we are not sure why it is not working for the TSxxx cookie. Below is the iRule, kindly advise.

     

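    when HTTP_RESPONSE {
        # Collect every Set-Cookie header present at this point in the response
        set var [HTTP::header values "Set-Cookie"]
        HTTP::header remove "Set-Cookie"
        # Re-insert each cookie with the HttpOnly and Secure attributes appended
        foreach tcookie $var {
            HTTP::header insert "Set-Cookie" "${tcookie}; HttpOnly; Secure "
        }
    }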

     

  • Please advise if there are any cases or incidents where the ASM TS cookies have been exploited before, and the likelihood of them being exploited?

     

  • I haven't seen it being exploited - it is specifically designed to prevent cookie exploits and maintain form integrity. It is encrypted and the likelihood of cookie exploitation is very low I would expect.
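
The name-based identification and the HttpOnly/Secure check discussed in this thread, as an added example that is not part of the original posts or F5's own code: it classifies Set-Cookie values by the BIGipServer and TS prefixes mentioned above and reports which flags are missing. The prefix matching is a heuristic (names can be customised, and a backend could reuse a prefix), the function names are hypothetical, and the sample headers are constructed.

```python
# Added example: classify Set-Cookie headers by the naming conventions named
# in this thread and report cookies that lack HttpOnly or Secure.

# Assumption: prefix matching is only a hint. Capturing both sides of the
# BIG-IP with tcpdump, as the first reply says, is the definitive check.
PREFIXES = [
    ("BIGipServer", "LTM cookie persistence"),
    ("TS", "ASM"),
]

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, set of attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    # Attribute names are case-insensitive; keep only the part before '='.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), value, attrs

def audit(header_values):
    """Return one finding per cookie: name, likely origin, missing flags."""
    findings = []
    for raw in header_values:
        name, _, attrs = parse_set_cookie(raw)
        origin = next(
            (label for prefix, label in PREFIXES if name.startswith(prefix)),
            "unknown",
        )
        missing = [flag for flag in ("httponly", "secure") if flag not in attrs]
        findings.append({"name": name, "likely_origin": origin, "missing": missing})
    return findings

# Constructed sample: Set-Cookie values as seen on the client side of the BIG-IP.
SAMPLE = [
    "BIGipServerweb_pool=constructed-value; path=/",
    "TS01a2b3c4=constructed-value; Path=/",
    "JSESSIONID=constructed-value; Path=/app; HttpOnly; Secure",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        flags = ", ".join(finding["missing"]) or "none"
        print(f'{finding["name"]}: {finding["likely_origin"]}, missing: {flags}')
```

Running the same audit on headers captured on the server side of the BIG-IP shows which cookies the backend already sets, which narrows down the "unknown" entries.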