Forum Discussion

Cirrus

Jan 11, 2023

Facing problem with Modified domain cookies

Hello. I'm facing problem with Modified domain cookies. I have configured ASM policy in blocking mode with some enforced cookies. Also I have enabled blocking on Modified domain cookies on Learning ...

application delivery

security

Mohamed_Ahmed_Kansoh

MVP

Hi Aantat ,
Are there any device in your path makes any kind of Cookie persistence or not ?
I want to say if there are " any persistence Cookies " in Requests that pass via F5 ASM , it will make such these violations and in this case this is a false positve you should dis-check mark from "block" box in learning and blocking setting for the impacted service.

> another solution , take a har file or extract the payload itself from F5 Event logs and see which cookies are sent in requests , After That contact with server developer to discuss with him these cookies and expiration periods or validate if these cookies accept modification or not , the only one who should decide if these cookies accept modification or not is server developer/owner for better visability in your applications.
Note : you should find server cookies in http header called " set-cookie" header.

- To get the har Archive file , Follow this KB :
https://support.f5.com/csp/article/K10370211
- For more info about Modified domain cookies violations and its possibility to be false positive , read the following articls :

https://support.f5.com/csp/article/K89255958

https://support.f5.com/csp/article/K5907

I hope my reply helps you

Aantat

Cirrus

Jan 13, 2023

Hi, i dismarked block setting and find the reason of problem. So violation is triggered when user uses my app via example.com after www.example.com. Is there any suggestion on that? Should I do redirect from www to my example.com?

Mohamed_Ahmed_Kansoh
MVP
Jan 13, 2023
Hi Aantat ,

Can you clarify more ,

What is your APP , and www.examble.com / example.com.

Do you want to redirect all requests to example.come instead of www.example.com ,

I need some clarification.
- Aantat
  Cirrus
  Jan 14, 2023
  Hi,
  So my app is simple web application - example.com. So violation is triggered when user access to app via example.com after www.example.com. I mean the problem is triggered with "www". Is there any suggestion on that? IDK about redirect, it was just my suggestion.
  - Mohamed_Ahmed_Kansoh
    MVP
    Jan 14, 2023
    Hi Aantat ,
    The problem is triggered with issuing "www" but everything goes fine with using "example.com" directly.
    so I think if we redirect from "www.example.com" to "example.com" may this solve this issue.
    if you want to try the redirection , you can do it by LTM policy or irule , I can help you in this.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Facing problem with Modified domain cookies

Recent Discussions

Creating Policy using Terraform

Alert Mail when virtual server down trubleshooting

How to disable RC4 Cipher on SSL

Big-IQ + LetsEncrypt wildcard

DEVICE-0202 Error while adding rSeries as a provider in CM

Related Content

Re: SYN Cookie operation

Modifying multiple entries in a datagroup via api?

Re: LTM SYN Cookie Configuration

Source_Addr Persistence Problems

Modify vCMP-Guest with ansible not possible?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS