For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sandy16's avatar
sandy16
Icon for Altostratus rankAltostratus
Jun 20, 2016

illegal cookie length: ASM violation

HI ASM experts, I am seeing traffic getting blocked due to the "Illegal cookie length violation" . System configured: 8192 bytes, received 8452. I am running 11.5.1 HF7. I tried to increase the cookie length by going to the policy and selecting advanced, BUT it gave me an error that the max allowed is 8192 bytes. What is the work around for this? This seems to be a legit GET request.

 

ASM Advanced WAF
security

16 Replies

  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Jun 20, 2016

    Hi,

     

    8192 bytes is the default length, not the max allowed in general.

     

    I will try it on my lab and give you a feedback

     

    • Yann_Desmarest's avatar
      Yann_Desmarest
      Icon for Cirrus rankCirrus
      Jun 20, 2016
      In fact, that's true. 8192 bytes is the maximum length you can define for header and cookies. This is a limit that include name+value. You can change this setting by Any if you have headers that exceed this max length
  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Icon for Nacreous rankNacreous
    Jun 20, 2016

    Hi,

     

    8192 bytes is the default length, not the max allowed in general.

     

    I will try it on my lab and give you a feedback

     

    • Yann_Desmarest_'s avatar
      Yann_Desmarest_
      Icon for Nacreous rankNacreous
      Jun 20, 2016
      In fact, that's true. 8192 bytes is the maximum length you can define for header and cookies. This is a limit that include name+value. You can change this setting by Any if you have headers that exceed this max length
  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Icon for Nacreous rankNacreous
    Jun 20, 2016

    8192 Is indeed the maximum and I think you only have 2 workarounds - disable the violation, or write a custom iRule. Disabling the violation itself would probably make the most sense here.

    Go to policy blocking settings, and un-tick the 'learn/alarm/block' boxes under 

    Illegal cookie length
    violation. Save and apply changes.

    • MSZ's avatar
      MSZ
      Icon for Nimbostratus rankNimbostratus
      Jul 23, 2017

      What about 2048 bytes

       

    • MSZ's avatar
      MSZ
      Icon for Nimbostratus rankNimbostratus
      Jul 23, 2017

      when I created the ASM policy longtime back I didn't notice the value of Max. cookie header length (It comes on Policy properties page). As per documentation it is any by default. But in my case I am able to see the value like 2048. I want to know how this value comes and where ?

       

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Jun 20, 2016

    8192 Is indeed the maximum and I think you only have 2 workarounds - disable the violation, or write a custom iRule. Disabling the violation itself would probably make the most sense here.

    Go to policy blocking settings, and un-tick the 'learn/alarm/block' boxes under 

    Illegal cookie length
    violation. Save and apply changes.

    • MSZ's avatar
      MSZ
      Icon for Nimbostratus rankNimbostratus
      Jul 23, 2017

      What about 2048 bytes

       

    • MSZ's avatar
      MSZ
      Icon for Nimbostratus rankNimbostratus
      Jul 23, 2017

      when I created the ASM policy longtime back I didn't notice the value of Max. cookie header length (It comes on Policy properties page). As per documentation it is any by default. But in my case I am able to see the value like 2048. I want to know how this value comes and where ?