Forum Discussion

Nimbostratus

Nov 10, 2008

Modified Domain Cookie blocking

We have recently installed a pair of F56400s (v9.4.3) in front of our website with ASM in blocking mode. Despite the fact that our Website only utilises a handful of cookies (all confi...

app sec

BIG-IP Access Policy Manager (APM)

security

hooleylist

Cirrostratus

Apr 29, 2009

A good proxy wouldn't leave its cookies in requests it sends out as it opens itself up to session hijacking. In 9.4.2+, you can ignore the cookies which start with BCSI using the modified domain cookies setting. The field accepts wildcards, so you can configure BCSI-*. Also, you could use an iRule to remove these cookies from requests. This would not affect the proxy functionality and it would be a secure option. Your web app should ignore these cookies. And it definitely should not set any BCSI- cookies in its response.

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Modified Domain Cookie blocking

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

domain blocking

modified domain cookies

Enriching AFM with public domain Threat Intelligence

iRule to modify a content-security-policy header

Blocking domains

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS