Forum Discussion

Nimbostratus

Jun 09, 2015

Cookie RFC compliant? Unusual use case

I'm investigating some interesting security events when implementing ASM rules against a VIP. The ASM logs list an event that the request contains "Cookie not RFC-compliant" due to "Invalid character...

ASM Advanced WAF

security

Erik_Novak

Employee

Jun 10, 2015

Try going to Application Security: Headers: Character set and then locate the character / 0x2f (hex). Change the state to allow, and then see if the violation goes away. You should be able to allow / in the value of any header field--I think cookies as well.

Erik

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)