Forum Discussion
toneman172_1806
Nov 29, 2017Nimbostratus
Thanks for the reply. One of the ASM controls addressing A2 is "HTTP cookie protection (Enhanced)". In the BIG-IP ASM Operations Guide (September 2017) pg. 35, the guide reads "Where applicable, the policy type that automatically includes the mechanism is listed in parenthesis". "Fundamental", "Enhanced", and "Comprehensive" are listed in parenthesis following this statement for various ASM controls in Table 4.1 OWASP Compliance which, I believe, implies that if you are not using the Automatic Policy Builder (that contains these three policy types) it must be configured manually. Since I'm using the manual method, I'm concerned that this protection is not enabled.
Thanks!