Forum Discussion

Nimbostratus

Jun 06, 2012

ASM Injections

Hello All, I had 2 Queries on what is injected in the traffic/URI's by ASM or any other manipulation done by it that alters the original state. 1) Is ASM cookie injected in ...

management

monitoring

Attack_Signatur

Nimbostratus

Jun 09, 2014

The ASM will always inject the TS* cookie, even in transparent. This allows the ASM to track information about individual clients such as their IP address. When a TS* cookie becomes associated with another client from a different IP address then it will suspect a cookie hijacking has taken place.

I have only seen the ASM inject CSRF tokens (when CSRF was turned on) and Web Scraping JavaScript. I have never seen any other manipulations.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM Injections

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Connection Rate Limit with log output

syslog over tcp and define management IP as source

Managing iRules configuration

Recommendation for Adv. Lab

Related Content

LLM Prompt Injection Detection & Enforcement

Logging/Blocking possible prompt injection

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

WAF evasion techniques for Command Injection

WordPress Content Injection Vulnerability - ASM Mitigation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS