Forum Discussion
About Session Hijacking
Funny, I came across the same issue recently in a customer scenario. Nikoolayy1 is correct.
Here are my 5 cents.
1. Steal one cookie > ASM will block.
2. Steal both cookies > ASM won't block this, Session Hijacking is possible.
3. Enable a Bot Defense profile for this VS and configure it to create a Device ID.
4. Configure the following in the learning and blocking settings:
This way hijacking the session by stealing both cookies will fail.
KR
Daniel
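To make the four points above concrete, here is an added toy model of the session-tracking decisions (my own illustration, not F5 code): a session is bound to its tracking cookie and, optionally, to a device ID captured at login, and each request is checked against that binding. The cookie names, device IDs and the `SessionTracker` class are constructed for this example.

```python
# Added example, not F5's code: a toy model of the session-tracking logic the
# thread describes. Cookie names, device IDs and the tracker are assumptions.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    asm_cookie: str                  # tracking cookie tied to the app session
    device_id: Optional[str] = None  # Bot Defense device ID captured at login


@dataclass
class SessionTracker:
    require_device_id: bool = False           # steps 3/4 in the thread
    sessions: dict = field(default_factory=dict)

    def login(self, app_cookie: str, asm_cookie: str, device_id: str) -> None:
        # Bind the tracking cookie (and optionally the device) to the session.
        bound = device_id if self.require_device_id else None
        self.sessions[app_cookie] = Session(asm_cookie, bound)

    def check(self, cookies: dict, device_id: str) -> str:
        sess = self.sessions.get(cookies.get("app"))
        if sess is None:
            return "blocked: unknown session"
        if cookies.get("asm") != sess.asm_cookie:
            return "blocked: tracking cookie mismatch"   # case 1: one cookie
        if self.require_device_id and device_id != sess.device_id:
            return "blocked: device ID mismatch"         # cases 3/4
        return "allowed"                                 # case 2 if no device ID


def simulate(require_device_id: bool) -> dict:
    """Replay the thread's scenarios; returns the verdict per scenario."""
    t = SessionTracker(require_device_id)
    t.login("app-A1", "asm-T1", "dev-victim")           # constructed values
    victim = {"app": "app-A1", "asm": "asm-T1"}
    return {
        "victim": t.check(victim, "dev-victim"),
        "one_cookie": t.check({"app": "app-A1"}, "dev-attacker"),
        "both_cookies": t.check(dict(victim), "dev-attacker"),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("device ID required" if mode else "cookies only", simulate(mode))
```

Running it shows that with cookies only, a request carrying both cookies is indistinguishable from the victim's, while binding the device ID at login turns that same request into a block.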
Also APM can be added so that each device is checked to see if it is corporate https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/15.html , using the APM checks. Even if someone steals the APM cookie as well, after some time their device will be checked.
Setting up ASM session tracking with APM
- On the Main tab, click Security > Application Security > Sessions and Logins > Session Tracking.
The Session Tracking screen opens.
- In the Session Tracking Configuration area, select the Session Awareness check box.
- From the Application Username list, select Use APM Usernames and Session ID.