Forum Discussion

Cirrus

Oct 11, 2024

Blocking client that uses existing cookie

Hi, We are trying to block a client that uses existing cookie. We try to configure session hijacking protection but they are still able to connect. May I know another method to block the client tha...

Cirrus

Hi,

We are running this to a UAT, and they are trying to access first the legitimate user once successfully login they copied the cookies of the legit user then it will be imported to another user browser.

zamroni777

Nacreous

Oct 14, 2024

in my opinion, it's not valid test case for waf or reverse proxy such as f5 asm/ltm
because browsers also reuse non expired cookies in legitimate access.

i suggest the application should add captcha to verify human users.

if you have enough apm user session license, you can also put the app access via apm webtop portal.
my customer use this mechanism for corporate internet banking access.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Blocking client that uses existing cookie

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

Response and blocking page

Zero Trust building blocks - Machine Identity Management (MIM) and Workload Protection

MS Exchange ProxyNotShell block implemented via iRules

allow one url from blocks geolocation

Block Log4j with use of IOCs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS