Forum Discussion
Facing problem with Modified domain cookies
Hi Aantat ,
Is there any device in your path that does any kind of cookie persistence?
I want to say that if there are any "persistence cookies" in requests that pass via F5 ASM, they will cause these violations, and in this case it is a false positive: you should uncheck the "block" box in the learning and blocking settings for the impacted service.
Another solution: take a HAR file or extract the payload itself from the F5 event logs and see which cookies are sent in requests. After that, contact the server developer to discuss these cookies and their expiration periods, or validate whether these cookies accept modification or not. The only one who should decide if these cookies accept modification or not is the server developer/owner, for better visibility in your applications.
Note: you should find server cookies in the HTTP header called "Set-Cookie".
- To get the HAR archive file, follow this KB:
https://support.f5.com/csp/article/K10370211
- For more info about Modified domain cookies violations and the possibility of them being false positives, read the following articles:
https://support.f5.com/csp/article/K89255958
https://support.f5.com/csp/article/K5907
I hope my reply helps you
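
The HAR review suggested in the reply above, as an added example that is not part of the thread or of F5's tooling: it lists cookies that a capture shows being sent to a different host than the one that set them, or with a changed value, as input for the discussion with the application owner. It assumes a HAR 1.2 file with `request.cookies` and `response.cookies` arrays; `load_har`, `audit_cookies` and the sample data are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in HAR 1.2 shape (not a real capture).
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://www.example.com/login", "cookies": []},
     "response": {"cookies": [
         {"name": "session", "value": "abc", "domain": ".example.com"}]}},
    {"request": {"url": "https://example.com/home",
                 "cookies": [{"name": "session", "value": "abc"}]},
     "response": {"cookies": []}},
    {"request": {"url": "https://example.com/cart",
                 "cookies": [{"name": "session", "value": "xyz"}]},
     "response": {"cookies": []}},
]}}

def load_har(path):
    """Read a HAR export from disk (utf-8-sig tolerates a leading BOM)."""
    with open(path, encoding="utf-8-sig") as f:
        return json.load(f)

def audit_cookies(har):
    """Return findings for cookies sent to a host other than the one that set
    them, or sent with a value different from the last Set-Cookie seen."""
    issued = {}    # cookie name -> (host that set it, value, Domain attribute)
    findings = []
    for entry in har["log"]["entries"]:
        host = urlsplit(entry["request"]["url"]).hostname
        for c in entry["request"].get("cookies", []):
            if c["name"] not in issued:
                continue  # set before the capture started; cannot judge
            set_by, value, domain = issued[c["name"]]
            if host != set_by:
                findings.append((c["name"], "cross-host", set_by, host, domain))
            if c["value"] != value:
                findings.append((c["name"], "value-changed", set_by, host, domain))
        for c in entry["response"].get("cookies", []):
            issued[c["name"]] = (host, c["value"], c.get("domain", ""))
    return findings

if __name__ == "__main__":
    for name, kind, set_by, sent_to, domain in audit_cookies(SAMPLE_HAR):
        print(f"{name}: {kind} (set by {set_by}, sent to {sent_to}, Domain={domain!r})")
```

To check a real capture, pass `load_har("capture.har")` to `audit_cookies` instead of the sample.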
Hi, I unchecked the block setting and found the reason for the problem. So the violation is triggered when a user uses my app via example.com after www.example.com. Is there any suggestion on that? Should I do a redirect from www to my example.com?
- Jan 13, 2023
Hi Aantat ,
Can you clarify more?
What is your app, and www.example.com / example.com?
Do you want to redirect all requests to example.com instead of www.example.com?
I need some clarification.
- Aantat, Jan 14, 2023 (Cirrus)
Hi,
So my app is a simple web application - example.com. So the violation is triggered when a user accesses the app via example.com after www.example.com. I mean the problem is triggered with "www". Is there any suggestion on that? IDK about the redirect, it was just my suggestion.
- Jan 14, 2023
Hi Aantat ,
The problem is triggered when using "www", but everything goes fine when using "example.com" directly.
So I think redirecting from "www.example.com" to "example.com" may solve this issue.
If you want to try the redirection, you can do it with an LTM policy or iRule; I can help you with this.