Forum Discussion

Nimbostratus

Nov 10, 2008

Modified Domain Cookie blocking

We have recently installed a pair of F56400s (v9.4.3) in front of our website with ASM in blocking mode. Despite the fact that our Website only utilises a handful of cookies (all confi...

app sec

BIG-IP Access Policy Manager (APM)

security

hooleylist

Cirrostratus

Nov 13, 2008

It would be most helpful to see the response(s) where these cookies are being set. They may not be from your application, but could be from other applications on the britannia.co.uk domain. The __utma cookie is a Google Analytics cookie. The _mkto_trk cookie looks to be from a marketing company, Marketo. I couldn't find any info on the L6289 cookie. I'd guess it's something custom.

If you're not worried about the client modifying these cookies, you could either configure them individually as allowed modified domain cookies, or you could disable checking of domain cookies altogether. Unless we know of a specific issue in the application we're configuring a policy for with badly encrypted cookies we normally disable this check anyhow.

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Modified Domain Cookie blocking

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

domain blocking

modified domain cookies

Enriching AFM with public domain Threat Intelligence

iRule to modify a content-security-policy header

Blocking domains

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS