For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

schusb's avatar
schusb
Icon for Nimbostratus rankNimbostratus
Dec 05, 2018

Modified domain cookie TSPD_101

Based on the article we know that the cookie TSPD_101 can be set by ASM even there's no Proactive Bot Defence or DoS-Profile aktive.

 

We have set the type of the cookie with name: * to Enfored, which means that a cookie set (at server side) may not be changed by the client. Interesting is that ASM complains about TSPD_101 has been modified.

 

Do we have to define the TSPD_101 cookie explicit with type Allowed?

 

ASM Advanced WAF
cookie
modified domain cookie
security

1 Reply

  • Chris_Grant's avatar
    Chris_Grant
    Icon for Employee rankEmployee
    Dec 07, 2018

    The cookie should not be modified by the client. If you find that the client is modifying the TSPD_101 cookie, I would take an httpwatch capture and open a case with support.