Forum Discussion
Anthony
Nimbostratus
NimbostratusASM Cookie assistance
Hi all.
Since upgrading to 11.2 we have suffered with 10's of thousands of Modified ASM Cookie alerts each week. I understand that the ASM cookie is session based so would expect these to clear over time since the upgrade but this doesn't appear to be the case.
Does anyone know of occurances where an old ASM cookie might hang about for some reason?
Thanks in advance for any info.
Anthony
21 Replies
Mike_MaherAre all your ASMs running 11.2 or do you have some in your environment that are still running say 9.x or 10.x code?
AnthonyHi Mike, all are on 11.2.
Regards
Anthony
Mark_IIHi Anthony,
Guess yours is a known issue while upgrading
https://devcentral.f5.com/community/group/aft/2166149/asg/392274893
Try disabling the ASM cookie for 2+ weeks and then enable the same again.
Regards,
Ikram- AnthonyThanks for the response. We upgraded to V11 months ago and followed the advice of leaving the policy disabled to allow the cookies to clear, however this had no impact to the numbers we see.
Regards,
Anthony - Hi Anthony,
With version 11 ASM can enforce only the session cookies (in the past you had to mark the non-session cookies or cookies that change on the client side).
Did you also change the enforcement model after the upgrade?
Cheers,
Ido - AnthonyHi Ido, I haven't seen information regarding that before. Do you have a link to the configuration at all, or info on how I can set that up so I can look into it?
Many thanks
Anthony - AnthonyI can see in the HTTP request that there are 2 TS cookies with different values, which I am sure is causing the issue. But I can't understand where this rogue TS cookie would be coming from. It is the same format as the valid TS cookie, so it is not something any other application might be setting.
- Mike_MaherDo you run your ASMs in an Active Standby configuration or stand alone behind a load balancer?
- AnthonyMike, we run an Active/Standby pair.
We run the same configuration on our test loadbalancers too, but these are not suffering from the modified ASM cookie issue. Perhaps there is a load/traffic element to the issue. - Mike_MaherSo my assumption is that the other TS cookie you are seeing is causing the problem and is coming from another ASM. Is it possible that someone may pass through one ASM for some requests and another ASM for other requests across the same session? If so is it possible for you to tie all traffic to one ASM for a period of time to see if the violations go away?
Mike
