Forum Discussion

Duncan_Proffitt's avatar
Duncan_Proffitt
Icon for Altostratus rankAltostratus
Dec 28, 2017

F5 BIG-IP Cookie Discloses Internal IP Address

During a mooch about, I discovered that the BigIP has encoded the IP address of the web server it was acting on behalf, of within a cookie.

 

What have I missed to prevent this?

 

Encryption of the cookie?

 

4 Replies

  • During a mooch about, I discovered that the BigIP has encoded the IP address of the web server it was acting on behalf, of within a cookie.

     

    you mean this, don't you?

     

    K6917: Overview of BIG-IP persistence cookie encoding

     

    https://support.f5.com/csp/article/K6917

     

    What have I missed to prevent this?

     

    Encryption of the cookie?

     

    may this be useful?

     

    K23254150: Configuring cookie encryption for BIG-IP persistence cookies from the cookie persistence profile

     

    https://support.f5.com/csp/article/K23254150

     

    • Srini_87152's avatar
      Srini_87152
      Icon for Cirrostratus rankCirrostratus

      Yes, as nitas said.. all you need to enable cookie encryption.

       

      Thx Srini

       

  • During a mooch about, I discovered that the BigIP has encoded the IP address of the web server it was acting on behalf, of within a cookie.

     

    you mean this, don't you?

     

    K6917: Overview of BIG-IP persistence cookie encoding

     

    https://support.f5.com/csp/article/K6917

     

    What have I missed to prevent this?

     

    Encryption of the cookie?

     

    may this be useful?

     

    K23254150: Configuring cookie encryption for BIG-IP persistence cookies from the cookie persistence profile

     

    https://support.f5.com/csp/article/K23254150

     

    • Srini_87152's avatar
      Srini_87152
      Icon for Cirrostratus rankCirrostratus

      Yes, as nitas said.. all you need to enable cookie encryption.

       

      Thx Srini