Forum Discussion

schusb's avatar
schusb
Icon for Nimbostratus rankNimbostratus
Dec 05, 2018

Modified domain cookie TSPD_101

Based on the article we know that the cookie TSPD_101 can be set by ASM even there's no Proactive Bot Defence or DoS-Profile aktive.

 

We have set the type of the cookie with name: * to Enfored, which means that a cookie set (at server side) may not be changed by the client. Interesting is that ASM complains about TSPD_101 has been modified.

 

Do we have to define the TSPD_101 cookie explicit with type Allowed?

 

ASM Advanced WAF
cookie
modified domain cookie
security
  • Chris_Grant's avatar
    Chris_Grant
    Icon for Employee rankEmployee
    Dec 07, 2018

    The cookie should not be modified by the client. If you find that the client is modifying the TSPD_101 cookie, I would take an httpwatch capture and open a case with support.