For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

themyth_317517's avatar
themyth_317517
Icon for Nimbostratus rankNimbostratus
Apr 18, 2017

Cookie not RFC-compliant - RFC VIOLATIONS

Dear all, I have a problem when logging my site. - The "Cookie not RFC-compliant", And in Request detail, i see: Cookie Buffer 76cfa8cc0ad$[[\"__json_message\" - The cookies is: Accept-Encoding: gz...
ASM Advanced WAF
security
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Apr 18, 2017

Sorry themyth, the format of the Request doesn't make it that easy to read, perhaps a screenshot may be better? Anyway, here is the violation detail (in case you haven't seen it) - does the cookie violate any of these specific issues?

This violation occurs when HTTP cookies contain at least one of the following components:
- Quotation marks in the cookie name.
- A space in the cookie name or cookie value.
- An equal sign (=) in the cookie name.
Note: A space between the cookie name and the equal sign (=), and between the equal sign (=) and cookie value is allowed.
- An equal sign (=) before the cookie name.
- A carriage return (hexadecimal value of 0xd) in the cookie name.

Hope this helps