For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Aantat's avatar
Aantat
Icon for Cirrus rankCirrus
Jan 11, 2023

Facing problem with Modified domain cookies

Hello. I'm facing problem with Modified domain cookies. I have configured ASM policy in blocking mode with some enforced cookies. Also I have enabled blocking on Modified domain cookies on Learning ...
application delivery
security
Aantat's avatar
Aantat
Icon for Cirrus rankCirrus
Jan 14, 2023

Hi,

So my app is simple web application - example.com. So violation is triggered when user access to app via example.com after www.example.com. I mean the problem is triggered with "www". Is there any suggestion on that? IDK about redirect, it was just my suggestion. 

Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP
Jan 14, 2023

Hi Aantat , 
The problem is triggered with issuing "www" but everything goes fine with using "example.com" directly. 
so I think if we redirect from "www.example.com" to "example.com" may this solve this issue. 
if you want to try the redirection , you can do it by LTM policy or irule , I can help you in this.
 

  • Nikoolayy1's avatar
    Nikoolayy1
    Icon for MVP rankMVP
    Jan 14, 2023

    Also this is nice article:

     

     

    K47327904: BIG-IP ASM Main cookie domain attribute not set

    In some specific cases domain attribute for ASM Main cookie may not be set.

    https://support.f5.com/csp/article/K47327904