Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Oct 25, 2022

Modified domain cookie

Receive some blocked event about "modified domain cookie". After some research , a cookie "TSxxxxxxxx" is generated by F5 ASM and it used to hash the enforce cookie. When user got blocked, I found ...

Icon for Nimbostratus rank

Nimbostratus

Oct 26, 2022

The user is not internal.

"This is a tricky one as maybe the user is comming from a jump host or there is a proxy device before the F5 that does something" <-- You mean the proxy device will modify or delete the cookie?

All the links you posts i have already read before I post this question in this forum.

Icon for MVP rank

MVP

Oct 26, 2022

I admit that are all my suggestions as if the F5 is sending the cookie what happens on the client device, I can't tell 🙂

My final suggestion could be to also use One Connect profile as it helps with cookies and upstream proxy devices but outside of that I am out of ideas.

https://support.f5.com/csp/article/K7964

Jonathan - March 2026 Featured Member

DevCentral News

featured member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

DevCentral News

2026 F5 DevCentral MVP Announcement

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5