Forum Discussion

Nimbostratus

Nov 10, 2008

Modified Domain Cookie blocking

We have recently installed a pair of F56400s (v9.4.3) in front of our website with ASM in blocking mode. Despite the fact that our Website only utilises a handful of cookies (all confi...

app sec

BIG-IP Access Policy Manager (APM)

security

hoolio

Cirrostratus

Nov 13, 2008

Nevermind that suggestion... it shouldn't break your app if you removed the other application's cookies. The client would continue to submit the cookies to other applications on the same domain if they were set with a valid domain value by the other application.

And the cookie validation ASM provides with the modified domain cookies is good protection against cross site script attacks, so it would be ideal to leave the check enabled if you can fix the "non-local" cookies. This could be done by finding the app that is setting them or by removing them with an iRule in the HTTP_REQUEST event before ASM parses the request.

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Modified Domain Cookie blocking

Recent Discussions

What is the best practice for migrating from iseries to rseries?

iRule to Force Source IP to Specific Backend Node

checking the fan status on the device.

what is this serial number b1:e5:bd:8f:2x:58:xx:27 in device certificate?

How is CPU/Memory shared across Virtual Servers?

Related Content

domain blocking

modified domain cookies

iRule to modify a content-security-policy header

Blocking domains

Enriching AFM with public domain Threat Intelligence

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS