Forum Discussion

Nimbostratus

Nov 22, 2016

ASM | Too many cookies in the request

Hi I am getting some (what i believe to be) legit requests blocked by ASM. The violation is 'Modified domain cookie(s) , but when i click it to get more info on the violation i get; Too many...

Cirrocumulus

Nov 23, 2016

I believe that ASM will detect this as a violation because this condition (55 cookies with the same name/different values) actually breaks the RFC standard for cookies.

RFC6265 states:

"Servers SHOULD NOT include more than one Set-Cookie header field in the same response with the same cookie-name"

Forum Discussion

ASM | Too many cookies in the request

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

iRule to take cookie from HTTP Response into HTTP Request via table

BIG-IP 17.0 ASM Cookie based allow requests

Cookie-based DDoS protection

Cookie Tampering Protection using F5 Distributed Cloud Platform

Logging DNS Requests