For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Michael_Koyfman's avatar
Michael_Koyfman
Icon for Cirrocumulus rankCirrocumulus
Oct 08, 2013

You will break ASM functionality if you remove TS cookie. Is the cookie that ASM sends affecting the client behavior? That should not be the case. If yes, is this a browser or a custom client?

 

  • Pranav_73262's avatar
    Pranav_73262
    Icon for Nimbostratus rankNimbostratus
    Oct 08, 2013
    Ok. Actually it is not affecting client behavior, however, customer has requirement that we should not send any cookies. It is HTTPS application.
  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Oct 08, 2013
    just thinking out loud, is ASM required?
  • Pranav_73262's avatar
    Pranav_73262
    Icon for Nimbostratus rankNimbostratus
    Oct 08, 2013
    yes, it is required. But should not add cookie :) only inspect and block in case of violations.
  • Michael_Koyfman's avatar
    Michael_Koyfman
    Icon for Cirrocumulus rankCirrocumulus
    Oct 08, 2013
    Then you must disable ASM on that application.
  • Pranav_73262's avatar
    Pranav_73262
    Icon for Nimbostratus rankNimbostratus
    Oct 08, 2013
    OK. Can you comment on my earlier iRule? Will it delete cookies from response & break ASM?