Forum Discussion
2 Replies
- samstepCirrocumulus
Cookie header is still a header and should be ASCII characters only in accordance with RFC2616. There is no way to change this behavior in ASM unless you disable the blocking for this rule (which is obviously not secure and should be avoided!)
If your application is sending a high-ASCII character in cookies it is breaking the standard. Even if your back-end web server can interpret high-ASCII characters it does not mean that the application should be sending them. High ASCII-Characters should be Encoded.
Talk to your application developers (if they are available) and ask them to change this and encode the cookie. If it is not possible then the suggested workaround is to write an iRule which will create an exception and allow the request for a particular URI (for example) while still blocking the rest of bad traffic.
- MSZNimbostratus
Hi
Did you use the v14.1.1 ?
It has the option microservice?