Removal of Client Side F5 Persistence Pool Cookie
I am seeing the F5 persistence pool cookies showing on the client side browser when viewing via inspection tools:
BIGipServer~application~po*
I would like to remove these so the pools are not exposed to viewers of the website. I assigned the following rule to the VIP but it does not appear to be clearing these out:
when HTTP_RESPONSE_RELEASE {
set cookies [HTTP::cookie names]
foreach aCookie $cookies {
if {$aCookie matches_regex {^BIGipServer(?:[0-9a-fA-F]{6,8})(?:$|_[0-9]+$)}} {
# Remove ASM Cookies
HTTP::cookie remove $aCookie
}
}
}
This is exactly how Cookie Persistence method works and if you remove the cookie you break the functionality. There are alternative cookie persistence methods you might consider. Check them below:
Overview of cookie persistence (f5.com)
In addition to it, I recommend you to enable encryption on your current cookie persistence method. This will prevent malicious users to revert the value of the cookie into IP address of your pool member.