Forum Discussion

Nimbostratus

Jun 10, 2015

Cookie RFC compliant? Unusual use case

I'm investigating some interesting security events when implementing ASM rules against a VIP. The ASM logs list an event that the request contains "Cookie not RFC-compliant" due to "Invalid character...

ASM Advanced WAF

security

boneyard

MVP

Jun 13, 2015

i don't believe there is a way to allow things like this in another way then disable the violation. f5 decided on what they consider RFC compliant and you can't tweak that.

you could consider building an irule which uses another ASM policy with this violation disabled only when this type of cookies is used.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Cookie RFC compliant? Unusual use case

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Bridging and FQDN rewrite Policy

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

F5 BIG IP laboratory license

F5 mssql health monitor failing

Related Content

Cookie not RFC-compliant - Cookie has no value

NGINX Plus R35 for Federal Environments: FIPS-Compliant algorithms with ACME Certificates in AWS

Example OWASP Top 10-compliant declarative WAF policy

A basic OWASP 2017 Top 10-compliant declarative WAF policy

Cookie-based DDoS protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS