Maybe a really dumb question, we are playing around with our f5 and see a lot of this - all such request are blocked. Any idea why this happens?
Original request: PD_STATEFUL_***=%2Fpublic;
Decoded request: PD_STATEFUL_***=/public;
When reviewing your ASM request logs for this request what is it reporting for the violation?
Example "illegal meta character in value"
Just this: Modified domain cookie(s) 
Cookie Name: PD_STATEFUL_***
Cookie Value: %2Fpublic