Forum Discussion

Nimbostratus

Jun 05, 2018

Best way to handle Oracle OAM session cookies?

I am seeing several alerts on our OAM session cookies with multiple applications and policies. Not sure the best way to adjust the policy for these because the cookie has different values each time it shows up. They all seem to have the GET /obrar.cgi method and then the cookie parameter seems to be different based on the session for the user. It gets flagged on meta characters and other things. Are there any good ways to allow for this and do some kind of sanity check instead of just opening up everything from the URL /obrar.cgi?

ASM Advanced WAF

security

No RepliesBe the first to reply

Forum Discussion

Best way to handle Oracle OAM session cookies?

Recent Discussions

VPN fragmented IP packets dropped

iRule interpretation assistance

F5 Access Guard Deprecated: ZTA APM

Inquiry on F5's Maintenance Mode Feature for Pool Members

ASM Bot Defense JS and CSP

Related Content

HTTP cookie SameSite: test detection of browsers with incompatible SameSite=None handling

Intermediate iRules: Handling Strings

Intermediate iRules: Handling Lists

Handle False Positive for files upload

Cookie-based DDoS protection