Forum Discussion
GDC1-TRG-F5
Nimbostratus
NimbostratusCookie not RFC-compliant - Cookie has no value
After upgrading the ASM to v16.1.5, applications are impacted due to this violation. Cookie: TS01e67e1b=01117c6e19857f90c59bf98aa78f99ae127e515a9e8b98b63394cb861749b60553d9deb146068ba33d4adc4809...
Hi GDC1-TRG-F5 ,
The article you mentioned in your pose is actually the solution to your issue, specifically point 2 under recommended actions.
K000140792: After upgrading to 17.1.1, 16.1.5, 15.1.10 , BIG-IP AWAF is blocking request with violation 'Cookie is not RFC compliant (cookie has no value)'Address the cookie value in application. Until then disable violation Cookie not RFC-compliant in learning blocking setting.
Cheers,
Mo
MoFaz
Moderator
ModeratorHi GDC1-TRG-F5 ,
I've read the article that you linked in your post and I think the scenario that you're facing is similar to point 2 under description:
- HTTP request. BIG-IP AWAF is blocking http request containing cookie with { }
I see that your cookies value highlighted in red, is also mention in this Bug article. Bug ID 1069441: Cookie without '=' sign does not generate rfc violation. Previously, if a request included a Cookie header that contained only the name of the cookie without an equal sign (=) and a corresponding value, it might not result in a violation. Now, such a request is blocked and reported with a "Cookie not RFC-compliant" violation as expected according to the RFC (Request for Comments) specifications.
However, no fix is mentioned. Let me ask around if there's a fix for this.
Cheers,
Mo.