Forum Discussion
Chris_Paulraj_1
Nimbostratus
Jan 20, 2009
Could someone shed light on "Modified Domain Cookie" violations?
I need some help in understanding the modified cookie domain violation. Does ASM report it when a cookie gets modified at the client side (browser)? And does it also report when a cookie gets updated ...
hoolio
Cirrostratus
Jan 23, 2009
Hi Chris,
Which ASM version are you running? The functionality has changed somewhat across several versions.
The modified domain cookie violation would be triggered whenever the client presents a non-ASM cookie with an ASM cookie that doesn't contain matching data. The violation would not be triggered when the server sets a cookie with a new value.
ASM checks response headers for the Set-Cookie header. If it sees the app set a cookie that is not in the "allowed modified domain cookie" list, ASM creates a hash of the app's cookie and saves the hash as part of the ASM cookie. On subsequent requests, ASM checks the hash of any cookie the client presents which is not in the "allowed modified domain cookie" list against the hash value in the ASM cookie. Another factor that comes into play is the expiration time. In versions prior to 9.4.(~2?), ASM would set the cookie with a max-age property of 900 seconds. It would also check the hash to determine if the cookie timer had expired. In more recent versions I think this has changed to a session cookie.
Here are a few related solutions:
SOL6850: Overview of BIG-IP ASM cookies.
https://support.f5.com/kb/en-us/solutions/public/6000/800/sol6850.html
SOL5907: Error Message: Modified domain cookie
https://support.f5.com/kb/en-us/solutions/public/5000/900/sol5907.html
SOL7354: The BIG-IP ASM sets persistent cookies for some web browsers
https://support.f5.com/kb/en-us/solutions/public/7000/300/sol7354.html
Aaron
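The check described in the reply above, modelled as an added example that is not part of the original thread and is not F5's implementation. The HMAC-SHA256 construction, the `PROXY_TRACK` cookie name, the key and the sample cookies are all assumptions made for illustration; only the allowed list and the 900-second lifetime come from the post.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"    # assumption: secret held only by the proxy
ALLOWED_MODIFIED = {"ui_theme"}  # stand-in for the "allowed modified domain cookie" list
MAX_AGE = 900                    # seconds, the older-version lifetime mentioned in the post
TRACK = "PROXY_TRACK"            # hypothetical name for the proxy's own cookie


def _mac(data: str) -> str:
    return hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()


def _eq(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time comparison


def on_response(set_cookies: dict, now: float) -> dict:
    """Server side: hash each app cookie not on the allowed list into a tracking cookie.
    Simplification: only the cookies set in this one response are covered."""
    tracked = {n: v for n, v in set_cookies.items() if n not in ALLOWED_MODIFIED}
    body = ";".join(f"{n}={_mac(n + '=' + v)}" for n, v in sorted(tracked.items()))
    payload = f"{int(now)}|{body}"
    return {**set_cookies, TRACK: f"{payload}|{_mac(payload)}"}


def on_request(cookies: dict, now: float) -> list:
    """Client side: return the violations the presented cookies would raise."""
    payload, _, tag = cookies.get(TRACK, "").rpartition("|")
    if not payload or not _eq(tag, _mac(payload)):
        return ["tracking cookie missing or tampered"]
    issued, _, body = payload.partition("|")
    if now - int(issued) > MAX_AGE:
        return ["tracking cookie expired"]
    known = dict(item.split("=", 1) for item in body.split(";") if item)
    violations = []
    for name, value in cookies.items():
        if name == TRACK or name in ALLOWED_MODIFIED:
            continue
        # Modelling choice: a cookie with no stored hash is flagged as well.
        if name not in known or not _eq(known[name], _mac(f"{name}={value}")):
            violations.append(f"modified domain cookie: {name}")
    return violations
```

A value changed in the browser no longer matches its stored hash and is flagged, while a new value sent by the server arrives with a fresh tracking cookie and passes.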
