Forum Discussion

Dave_Burnett_20's avatar
Dave_Burnett_20
Icon for Nimbostratus rankNimbostratus
Nov 10, 2008

Modified Domain Cookie blocking

We have recently installed a pair of F56400s (v9.4.3) in front of our website with ASM in blocking mode.     Despite the fact that our Website only utilises a handful of cookies (all confi...
app sec
BIG-IP Access Policy Manager (APM)
security
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Nov 13, 2008
The cookies could be set by any web application that is on the britannia.co.uk domain or the www.britannia.co.uk subdomain. I don't think you can tell where they're being set just by looking at the requests being made to the VIP.

 

 

As Ido suggested, you could use an iRule to remove the cookies, but that might break the application that set them. You could potentially remove all but the cookies you want to check in HTTP_REQUEST and then reinsert them in HTTP_REQUEST_SEND using 'clientside {HTTP::cookie insert name $original_cookie_name value $original_cookie_value}'. I haven't tested this, but it seems like it would be possible.

 

 

If there aren't any known issues where a client could tamper with the application cookie values, I'd just disable the check. It means that ASM won't check to see if the application cookies have been modified by the client.

 

 

Thanks,

 

Aaron