Forum Discussion

Dave_Burnett_20's avatar
Dave_Burnett_20
Icon for Nimbostratus rankNimbostratus
Nov 10, 2008

Modified Domain Cookie blocking

We have recently installed a pair of F56400s (v9.4.3) in front of our website with ASM in blocking mode.     Despite the fact that our Website only utilises a handful of cookies (all confi...
app sec
BIG-IP Access Policy Manager (APM)
security
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Nov 11, 2008
Hi David,

 

 

By design for security reasons, a browser should never include a cookie in a request to one domain which was set for another domain. Is it possible that the cookies are being set on a different subdomain that is part of your root domain? If so, you could add them as allowed modified domain cookies in the ASM policy to tell ASM to ignore them.

 

 

Can you post some anonymized examples of the requests? If you're not able to reproduce the issue, it might help to add an iRule which logs the cookies in requests and responses. You could modify a version of one of the Codeshare logging examples:

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/LogHttpHeaders.html

 

 

This rule would use a lot of CPU time, so be careful about adding it to a production virtual server.

 

 

Also, there have been a lot of significant issues fixed in the latest version and hotfix (9.4.5 hotfix 2), so it would be a good idea to upgrade when possible.

 

 

Aaron