Forum Discussion

Nimbostratus

Jun 10, 2015

Cookie RFC compliant? Unusual use case

I'm investigating some interesting security events when implementing ASM rules against a VIP. The ASM logs list an event that the request contains "Cookie not RFC-compliant" due to "Invalid character...

ASM Advanced WAF

security

Erik_Novak

Employee

Jun 10, 2015

Try going to Application Security: Headers: Character set and then locate the character / 0x2f (hex). Change the state to allow, and then see if the violation goes away. You should be able to allow / in the value of any header field--I think cookies as well.

Erik

Forum Discussion

Cookie RFC compliant? Unusual use case

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Example OWASP Top 10-compliant declarative WAF policy

A basic OWASP 2017 Top 10-compliant declarative WAF policy

How to deploy a basic OWASP Top 10 for 2021 compliant declarative WAF policy for BIG-IP

How to deploy a basic OWASP Top 10 for 2021 compliant declarative WAF policy for BIG-IP (Part 2)

Cookie-based DDoS protection