For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Altostratus rank

Altostratus

Oct 18, 2016

Can you rename the TS cookie used with ASM?

Can you rename the TS cookie used with ASM?

ASM Advanced WAF

2 Replies

samstep
Cirrocumulus
Oct 18, 2016
ASM does not have the ability to rename the built-in TS cookies.

Why do you want to do it? To hide that you are using ASM? This is only a "security by obscurity" and will not make more secure. Attackers can always fingerprint BIG-IPs and figure out that you have ASM protection based on getting a blocking page response on some generic signature.
samstep
Cirrocumulus
Oct 19, 2016
I doubt that PCI-DSS will give you any trouble for the fact that you can prove that you have a WAF :) on more serious note though what the auditors would look for is patching level. There have been several security vulnerabilities in F5 products in the past few months, so make sure you have the latest Hotfixes.

Here is a handy link listing all F5 vulnerabilities (CVEs) in 2016:

F5 CVE Details

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5