Forum Discussion

Steve_87971's avatar
Steve_87971
Icon for Nimbostratus rankNimbostratus
Mar 15, 2012

ASM blocks clients that don't accept cookies

  Hi all   I have a HA pair of 3900's running v10.2.3 LTM and ASM, with a blocking policy in place on one of my production VS/applications. We also use OneConnect, the WAN optimised TCP...
app sec
BIG-IP Access Policy Manager (APM)
security
Mike_Maher's avatar
Mike_Maher
Icon for Nimbostratus rankNimbostratus
Mar 15, 2012
Steve,

 

A questions, is the application on the back-end setting cookies to send to the browser, if so ASM will set its own TS cookie to provide protection of the cookie field. I am not sure how it would handle the client not accepting the cookies.

 

 

Couple Suggestions

 

Have you tried just disabling Application Security in the HTTP Class that will essentially turn off ASM functionality and you should be able to rule it in or out of the process.

 

 

Another thing you could do when ASM is enabled is in the logging profile under the Web Application, turn on Log All Requests and see if you are seeing the request hit the ASM logs.

 

 

Lastly and probably something you will need if you open a case with support, spin up a tcpdump on the front and back end of the ASM and watch the traffic. I assume you will see the request hit the VS but then check and see if the traffic is going out the back end of the ASM towards the servers.

 

 

Let us know if any of this helps or if you need clarification on anything.

 

 

Mike