For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Aantat's avatar
Aantat
Icon for Cirrus rankCirrus
Jan 11, 2023

Facing problem with Modified domain cookies

Hello. I'm facing problem with Modified domain cookies. I have configured ASM policy in blocking mode with some enforced cookies. Also I have enabled blocking on Modified domain cookies on Learning ...
application delivery
security
G-Rob's avatar
G-Rob
Icon for Employee rankEmployee
Jan 11, 2023

BIG-IP ASM cookies are session based and do not get written to disk. When the user is connecting to the application using incognito mode, there is no existing cookie so the violation is not triggered. See K5907: BIG-IP ASM violation: Modified domain cookie 

The most common reason the cookie changes is that the client makes a request to another app on the same domain not passing through the same ASM policy which modifies the cookie. Another common cause for the violation is that the ASM cookie is set with a different expiry than the app's cookie. If you can reproduce the issue, try using your browser's development tools to view the cookies in use for the application and monitor changes to the cookie between ASM sessions. 

  • Aantat's avatar
    Aantat
    Icon for Cirrus rankCirrus
    Jan 13, 2023

    Hi, so I think I find the reason of my problem. Violation is triggered when user uses my app via example.com after www.example.com. Is there any suggestion on that? Should I do redirect from www to my example.com?