Forum Discussion

MVP

Jun 07, 2012

ASM violation: Modified domain cookie(s)

im getting this violation, from the info provided by the ASM it seems to happen when the cookie is first set, am i correct on that? it feels like this is a quite common thing to happen, is it some you...

app sec

BIG-IP Access Policy Manager (APM)

security

BT_90520

Nimbostratus

Jun 30, 2012

the cookie itself when generated by web server will already be signed and recognised as legit ones when passed back to client. So during client session, the cookie presented will have to be the same one and that is verified by ASM. Client will not intentionally tamper with it since it is not even obvious ... The challenge will be more from if attacker try to steal cookie, replay session and copied session cookie but that can be handled by having secure cookie, session timeout and even CSRF preventive measures.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

ASM violation: Modified domain cookie(s)

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

iRule to modify a content-security-policy header

Rate limiting GraphQL API query using iRule and Advanced WAF Violation

modified domain cookies

Samesite cookies on 1600's

Separating False Positives from Legitimate Violations

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS