Cookie not RFC-compliant - Cookie has no value
After upgrading the ASM to v16.1.5, applications are impacted due to this violation.
Cookie: TS01e67e1b=01117c6e19857f90c59bf98aa78f99ae127e515a9e8b98b63394cb861749b60553d9deb146068ba33d4adc4809067c58864ec7a0a7; da9ec29c6b39e2b88e843f34fcc5c888=65d704e40287c7e10857d068a5c7e0e8; BIGipaaaaaaaaaaaaaaaa=!jg6d/hMU2jsserYjJogO6C4bpgnUbuxrViNJR0aXqUXe2HKAGIthD59Q0H/dwcVIrnAaJXJD1jpaAjDfbRxWeL0nv70gg6ZTvqjk6JeY; {}; bf73147a74759c67a3aeb25b4366db4b=c2f86fb44daf387390821d422f1e2128; c65f6ef4e400d09c0f0b01031bd4f543=922ff603468528d429baa6c55326993a; ce78ef2593547bf35a602fa87764cf66=ffc07f7c986d4b47f21881f4ced17bd8; f319c5d88cce600c230f6325ebd679da=ef9b4bae1258ba2df4dc3d462eb57fc6; bab5c74a20de5947515f788a66a1113d=1c975f92651ecbae9ce488302974ac6f; 5562f6b47d905c6971bd6205cd7a280f=4ebf40f732bea8170ece709b0bb26785; 580bbc8d2e73ba78a72fdc8852e084da=e1f990dbd9d7fdffff7a564ff5494f71; ecaab19faae5d2a3c391e04f443c7f00=390917dffad9a30a8b8ba039585e3870; 56269766768c8b4d9fa0a096871ef860=fa83211121101296d6c4963469ee910e; b08cac70fbebd894cc114a36d402393a=bacbc7745aebb8a56fb8479ebb6da69c; 1e9248c1ef07a284d0fdc6eac6fbb320=c9ef1cf6eaecda4b0268cbc818508627; 1ae1841113f8ed1046fed24bdbb209e7=56e403f6ee2b16da5526d29f89702617; JSESSIONID=7196FF8AF38E24CA3E94B359AEBD13EF; cfidsgbg-w-aabtestenv=J3cUWHklvHmPLynEsAFGqLPEmsHcFd2fQaLHlg0xhvu6qdNkrLUHHBCYcF4GlnVN3HA8HR9DSW1tdwEiEbTiqTvj0fFTsviMYVlhZbVvZ0qyEAN9AxKXFFdu5yyLPf2B5GYXjdptAaucmRnm09qYc6L85cj2oe031OBds+M=; TS01707b3f=017da02c37d17c78956026fa4cbd0ee1bbe7f19180822950b07f41cebabc61439b0c463077c6c4e56e4f3ed8f997ce4bf9c5a1b3c0
While we understand it's a known issue, the behavior in our case seems to be different.
After upgrading to 17.1.1, 16.1.5, 15.1.10, ASM blocking request with violation Cookie is not RFC compliant (cookie has no value) (f5.com)
Would like to understand if this violation is triggered due to an empty segment on the cookie or for a different reason and how can this be fixed.
Hi GDC1-TRG-F5,
The article you mentioned in your post is actually the solution to your issue, specifically point 2 under recommended actions.
K000140792: After upgrading to 17.1.1, 16.1.5, 15.1.10, BIG-IP AWAF is blocking request with violation 'Cookie is not RFC compliant (cookie has no value)'
Address the cookie value in application. Until then disable violation Cookie not RFC-compliant in learning blocking setting.
Cheers,
Mo
- MoFazModerator
Hi GDC1-TRG-F5,
I'll be marking this as solution. If I've mistakenly marked this as solution, please share why and any progress to date.
Thanks,
Mo
- MoFazModerator
Hi GDC1-TRG-F5,
I've read the article that you linked in your post and I think the scenario that you're facing is similar to point 2 under description:
- HTTP request. BIG-IP AWAF is blocking http request containing cookie with { }
I see that your cookie's value, highlighted in red, is also mentioned in this Bug article. Bug ID 1069441: Cookie without '=' sign does not generate rfc violation. Previously, if a request included a Cookie header that contained only the name of the cookie without an equal sign (=) and a corresponding value, it might not result in a violation. Now, such a request is blocked and reported with a "Cookie not RFC-compliant" violation as expected according to the RFC (Request for Comments) specifications.
However, no fix is mentioned. Let me ask around if there's a fix for this.
Cheers,
Mo.
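To locate which segment of a Cookie header lacks an `=` sign (the condition described under Bug ID 1069441), the following Python script is an added example; it is not part of the thread and not F5 code. The function names and the shortened sample header are constructed for illustration, and the check only approximates the WAF's behaviour.

```python
"""Flag Cookie-header segments that lack '=' (added example, not F5 code)."""

# Constructed sample modelled on the header in the question; values shortened.
SAMPLE_HEADER = (
    "TS01e67e1b=01117c6e; da9ec29c=65d704e4; BIGipaaaa=!jg6d/hMU2js=; "
    "{}; JSESSIONID=7196FF8A; flag; TS01707b3f=017da02c"
)


def split_cookie_header(header):
    """Split a Cookie request-header value into stripped, non-empty segments."""
    return [seg.strip() for seg in header.split(";") if seg.strip()]


def find_valueless_cookies(header):
    """Return (position, segment) for every segment with no '=' sign.

    Assumption: this approximates the condition described in Bug ID 1069441
    (a cookie name with no '=' and no value); it is not the WAF's own parser.
    """
    findings = []
    for pos, seg in enumerate(split_cookie_header(header), start=1):
        # partition() splits on the first '=', so values that themselves
        # contain '=' (base64 padding, for example) are not flagged.
        _name, sep, _value = seg.partition("=")
        if not sep:
            findings.append((pos, seg))
    return findings


def audit_request_log(entries):
    """Map each URL to its offending segments; entries are (url, cookie_header)."""
    report = {}
    for url, header in entries:
        bad = find_valueless_cookies(header)
        if bad:
            report.setdefault(url, []).extend(seg for _pos, seg in bad)
    return report


if __name__ == "__main__":
    for pos, seg in find_valueless_cookies(SAMPLE_HEADER):
        print(f"segment {pos}: {seg!r} has no '=' sign")
```

Running `audit_request_log` over captured request headers shows which URLs carry the offending segment, which helps trace the application code that sets it.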
- MoFazModerator
Hey GDC1-TRG-F5,
I found this article for a fix. K7776: BIG-IP ASM violation: Not RFC compliant cookie.
Let me know if this helps at all!