Forum Discussion

Nimbostratus

Jan 04, 2019

Exchange (OWA) ASM Template and Cookie Violation

Hello, I have a Portal Access VS which allow to access multiple applications (URIs). One of those is an OWA Exchange 2010. All is working fine. I am now trying to secure the OWA application...

ASM Advanced WAF

BIG-IP

security

Cirrus

Jan 07, 2019

The two cookies I mentioned are present in the template. My understanding is that Allowed cookies are cookies authorized and that can be modified by user. Enforced cookies are cookies authorized but that shouldn't be modified by user.

Both UserContext and tzid cookies are in the Enforced section, and flagged as changed by user which triggers the violation.

Both cookies are indeed sent by server.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Exchange (OWA) ASM Template and Cookie Violation

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

SSL Bridging and FQDN rewrite Policy

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

Related Content

Microsoft Exchange 2010 and 2013 iApp Template

External Monitor Information and Templates

Legacy ASM Templates

APM Advanced Customization Examples with Modern Template, v15.1+

TCP iApp template

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS