For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chris_Paulraj_1's avatar
Chris_Paulraj_1
Icon for Nimbostratus rankNimbostratus
Jan 20, 2009

Could someone shed light on "Modified Domain Cookie" violations?

I need some help in understanding the modified cookie domain violation. Does ASM report it when a cookie gets modified at the client side (browser)? and does it also report when a cookie gets updated ...
app sec
BIG-IP Access Policy Manager (APM)
security
Chris_Paulraj_1's avatar
Chris_Paulraj_1
Icon for Nimbostratus rankNimbostratus
Jan 27, 2009
Thank you Javier, You are right on, we do see those violations. Does it also flag when the protocol is switched? We get Bigip affinity cookie from our public site using HTTP and when we switch to HTTPS at the time of login, it is flagging both affinity cookies with Modified Domain cookies violation. (two different pools - one for HTTP and one for HTTPS)

 

 

thanks again

 

Chris