Forum Discussion
Illegal file type alerts and Expired cookie
Hi, I am receving illegal file type errors on ASM for File Type-.S-ID405T Also in response I can see the expiry date of cookie is Thu, 01 Jan 1970 00:00:00 GMT
Are these illegal file types are due to expiry of cookie as '.S-ID405T' is not a file type?
Please help me to understand this alert. Is it a real attack?
Regards Sanjib
GET /insurance/rescue/PLB92033842566274819202/yourdetails.do%3Bjsessionid=0886B5176CB7156CD1D70BA240B5AC81.S-ID405T HTTP/1.1 Host: www.xxxxxxxxx.com User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.6 Safari/534.57.2 Accept: / Referer: https://www.xxxxxxxxxx.com/insurance/rescue/startaction.do?entrypoint=0008&productline=0007 Cookie: userDC96961BEA265E7DB1761E1F003F6BCC.S-ID405T=0.878007774151972; user51FA7EB4A1BAF960F5114DE88B1E2376.S-ID406M=0.5686478041843894; user38942AF2244D969AA370C41B01A812DC.S-ID405T=0.8079538350109525; user1EAA3BCEFBBD4025B74C9109F132B74F.S-ID405T=0.29079457266023945; user0886B5176CB7156CD1D70BA240B5AC81.S-ID405T=0.980034353249698; UIS_Cookie=1150492332.20480.0000; TS01af89bf=018e41518101e8a70107454277464f7d177e7ede3f166c66de00447cab25e3fddb62a6204e49cd767c9b4a106489fbeaefec20ec3262533fe9e59f81dea7fd65bb64899c43; SIVISITOR=My41NDAuMjg2NzYwMzExNTczNy4xNDQ5MzQ2ODM2NzkwLi00NzY1OGIyNQ__*; CCFGFLAG=true;
HTTP/1.1 200 OK Cache-Control: no-cache,no-store,max-age=0 Pragma: No-cache Content-Length: 6108 Content-Type: text/html;charset=ISO-8859-1 Expires: Thu, 01 Jan 1970 00:00:00 GMT Server: Microsoft-IIS/7.5 X-AspNet-Version: 2.0.50727 Date: Sat, 05 Dec 2015 20:23:15 GMT
Hi Sanjib, Its not an attack. Its F5 Default value of cookie expiry.
- Samir_Jha_52506Noctilucent
Hi Sanjib, Its not an attack. Its F5 Default value of cookie expiry.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com