Forum Discussion

Dave_Burnett_20's avatar
Dave_Burnett_20
Icon for Nimbostratus rankNimbostratus
Nov 10, 2008

Modified Domain Cookie blocking

We have recently installed a pair of F56400s (v9.4.3) in front of our website with ASM in blocking mode.     Despite the fact that our Website only utilises a handful of cookies (all confi...
app sec
BIG-IP Access Policy Manager (APM)
security
Dave_Burnett_20's avatar
Dave_Burnett_20
Icon for Nimbostratus rankNimbostratus
Nov 12, 2008
Heres a couple of examples.

 

First example:

 

 

Cookie name = Finjan-Auth

 

 

GET /savingapps/html/forms/savings_app_help/empdetails.html HTTP/1.0

 

Accept: */*

 

Accept-Language: en-gb

 

Cookie: Finjan-Auth=57lMEvEiJ4m0fM7nn5lHEVOBbvP6PdULKtwOztu7Ksq+w/0MRxa/uQoLytSjnmc0; SIVISITOR=MjIuNzIyLjExNzk5NTI2NjYxNTguMTIyNjUwMDI0ODIyMQ__; s_cc=true; s_sq=britbscoukprod%3D%2526pid%253Dhome.c_savings.product.notice_accounts.premsav.sav_app.html%2526pidt%253D1%2526oid%253Djavascript%25253Aaccounttype%252528%252527premsav%252527%252529%2526ot%253DA%2526oi%253D72; TS4b6c63=c278badda7d8ed901729b76101906803d9f41bcef991d297491ae896; IV_JCT=%2Fhome; JSESSIONID=0001dD8eCt-Apy_8TnmT9_u0G2c:-DG1FS6; PD_STATEFUL_1ebd5b44-3ba1-11dd-aa70-c0a84102aa77=%2Fsavingapps

 

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

 

Host: www.britannia.co.uk

 

Connection: Keep-Alive

 

 

Second example:

 

 

Cookie names (3 of them)

 

L6289

 

_mkto_trk

 

__utma

 

 

GET /mortgageapp/css/layout/mbox.css HTTP/1.1

 

User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-gb) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1

 

Referer: https://www.britannia.co.uk/mortgageapp/mac_safari.html

 

Accept: text/css,*/*;q=0.1

 

Accept-Language: en-gb

 

Cookie: camp=sageampFFJUF584%60%60Mon%2C%2010%20Mar%202008%2014%3A26%3A03%20GMT%7CsageampPCJWO184%60%60Mon%2C%2010%20Mar%202008%2014%3A26%3A03%20GMT%7C; sageamp=sageampFFJUF584%7CsageampNLVOD421%7CsageampPCJWO184%7CsageampVUQND682%7CsageampLLOEC769%7CsageampUQGLM194%7C; s_pers=%20s_favsn_paypalglobal_1%3D1100029004737%7C1522106457646%3B; __utma=186137275.938163156.1209930838.1209930838.1209930838.1; s_vi=[CS]v1|48AD3FD4000045C0-A000BAF000009E1[CE]; AMOS_PREF=sac%3Dg3%252Ck36; _mkto_trk=id:841-CMW-048&token:_mch-co.uk-1223594949213-99427; L6289=1.1226588030336; SIVISITOR=NS43NjEuODM3MDI2NTY5OTkyMy4xMTk4NDA4MDk1NTQ2; IV_JCT=%2Fhome; s_cc=true; s_sq=britbscoukprod%3D%2526pid%253Dhome.mortgage.index.html%2526pidt%253D1%2526oid%253Djavascript%25253AmtgcalcquotepopUp%252528%252529%25253B%2526ot%253DA; PD_STATEFUL_125df088-1d16-11dd-9e46-c0a84102aa77=%2Fmortgageapp; TS4b6c63=fbbf9a6f4814833639a68c5e3589440e1d0f7873d98da270491aed97

 

Connection: keep-alive

 

Host: www.britannia.co.uk

 

 

 

Do these help?