Forum Discussion

10 Replies

  • With 11.2.0, if the client sends a request with a TS cookie without a value, you get an 'ASM modified', which is OK. With 11.5.1, if the client sends a request with a TS cookie without a value, you get a 'Cookie not RFC-Compliant', which is bad. Can someone confirm whether this is a bug or a changed feature? I didn't find anything in the release notes. Thanks.
  • Nice, I have to split my question to get it online.
  • The spam filter really sucks.

    Thanks for the solution.

    • Torti:
      2. My combination (ASM header with '=' and no value) isn't described. 3. If I set any other cookie without a value (cookiename=), I don't get the error message. 4. There was another behaviour in 11.2. 5. Sol7011 describes the behaviour as I can see it in 11.2.
  • GrantS:
    I'm seeing the same issue after upgrading from 11.3.0 to 11.5.1. Before upgrading, one of my ASM profiles generated an abnormally large number of 'ASM modified' violations. After the upgrade, the same profile generates an abnormally large number of 'Cookie not RFC-compliant' violations instead of the 'ASM modified' violations. Viewing the violation details shows that the cookies that have been flagged are all TS cookies which have no value (TSxxxxxxxx=;). Does anyone know what the root cause of this behavior is?
  • We have upgraded from 11.2 to 11.6 and now instead of "ASM modified" we are seeing "Cookie not RFC-Compliant". The problem is that the client's browser sends empty cookies, which are RFC compliant. This seems to be happening only for Chrome users (mostly on Mac OS X10 and Windows 7). ASM detects the issue only for its own cookies (TSxxxxxx=;) and this behaviour does not seem to be in line with article 7776. The impact to the user is that he will not be able to connect to the website until the cookies are completely cleared. The possible workaround is to downgrade the "Cookie not RFC-compliant" violation, but this would allow various genuine attacks against cookies to get past the firewall. Does anyone know why there was a change in the ASM behaviour?
  • I'm experiencing the same blocking behaviour, but the security policy has "Cookie not RFC-compliant" unchecked. How can I prevent ASM version 11.6.2 from blocking its own main ASM cookie (TSxxxxxx=;) while this violation is not even configured as blocking?
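Added example, not from the thread or from F5: a small checker for the RFC 6265 cookie-pair grammar, useful when triaging a "Cookie not RFC-compliant" violation to see whether a flagged pair such as the empty-valued TS cookie is actually outside the RFC grammar. The Cookie header is constructed; the TS cookie name is a placeholder.

```python
import re

# RFC 6265 section 4.1.1 grammar for one cookie pair:
#   cookie-pair  = cookie-name "=" cookie-value
#   cookie-name  = token        (RFC 2616 token: no CTLs, no separators)
#   cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
#   cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
# The leading "*" allows zero cookie-octets, so "name=" (empty value) is valid.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
COOKIE_OCTET = r"[\x21\x23-\x2b\x2d-\x3a\x3c-\x5b\x5d-\x7e]"
COOKIE_PAIR_RE = re.compile(
    rf"^(?P<name>{TOKEN})=(?P<value>{COOKIE_OCTET}*|\"{COOKIE_OCTET}*\")$"
)


def split_cookie_header(header: str) -> list:
    # RFC 6265 section 4.2.1: cookie-string = cookie-pair *( ";" SP cookie-pair )
    # Browsers also emit a trailing ";" or omit the SP, so tolerate both.
    return [p.strip() for p in header.split(";") if p.strip()]


def check_cookie_pair(pair: str) -> dict:
    # Returns the parsed name/value and whether the pair matches the RFC grammar.
    m = COOKIE_PAIR_RE.match(pair)
    if not m:
        return {"pair": pair, "compliant": False, "name": None, "value": None}
    return {"pair": pair, "compliant": True,
            "name": m.group("name"), "value": m.group("value")}


def check_cookie_header(header: str) -> list:
    return [check_cookie_pair(p) for p in split_cookie_header(header)]


def noncompliant_pairs(header: str) -> list:
    # Only the pairs a strict RFC 6265 check would actually reject.
    return [r["pair"] for r in check_cookie_header(header) if not r["compliant"]]


# Constructed sample: an empty-valued ASM TS cookie (placeholder name) as described
# in the thread, a normal session cookie, and two deliberately malformed pairs.
SAMPLE_COOKIE_HEADER = "TS01234567=; JSESSIONID=abc123; bad one=x; trailer=va lue"

if __name__ == "__main__":
    for result in check_cookie_header(SAMPLE_COOKIE_HEADER):
        print(result)
```

Run against the sample header, only the two malformed pairs are reported; the empty TS cookie parses as a valid pair with an empty value.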