Forum Discussion
NimbostratusDisable ASM signature for all cookie parameters
Hello
How can I disable a signature for all cookies only? Example - I have a cookie:
Cookie: .AspNet.ApplicationCookie1 = XGtw4WmA3N_wmXLWU22Y8m1K; .AspNet.ApplicationCookie2 = XXIPqExECpMDvp4KrXsTXMS_9asdf; .... other cookies
Names of cookies are changed, the string is a random text from ASP NET. It is false positive.
SQL-INJ Stored procedure "exec MS_" (Parameter) 200002275 Context: Cookie Detected Keywords: MS_, ExEC
My settings
If the exact parameter name is specified in the cookie and the signature is blocked then the query is enabled. This is OK.
But if I use * for any name then the query is Blocked.
How can I disable only listed signatures for all cookie parameters? Can I use * wildcard character?
Thank you for your help.
The wildcard should work. Are you getting false positives after setting the wildcard? What is the violation that is being triggered by ASM?
Jirka_Placatka_Yes there are exceptions - Are high in the text:
SQL-INJ Stored procedure "exec MS_" (Parameter) 200002275
Context: Cookie
Detected Keywords: MS_, ExEC
Only if the exact parameter name in cookie is specified the no exception is detected.
What could be the cause? Any system settings?
samstepCirrocumulus
This potentially looks like an ASM bug to me - which version of BIG-IP are you using?
I suggest you first try to create a bit more specific wildcard cookie like this: .AspNet.App* and try to disable the signature on it - if you are still getting SQLInjection false positives - raise a support case with F5 by emailing support@