ASM Cookie Hijacking

Question

I have an app co-prossessing to two datacenters.&nbsp;
In DC1, I'm running 11.4.1 HF3
In DC2, I'm running 11.6 HF3&nbsp;
One other difference is in DC2 I've enabled secure ASM cookies.&nbsp;
In DC2 I get a lot of: ASM Cookie Hijacking
In DC1 I get none of that, it's pretty clean.&nbsp;
Otherwise they have identicle configurations (I explicitly exported the ASM policy out of DC1 and imported into into DC2).&nbsp;
I think these are false positives, but the only solution article I came accross doesn't apply.  Anyone have a suggestion, or is there some other information that would be helpful to come to a conclusion?&nbsp;

arnaud_lemaire · Answer

Are you in a active/active scenario ? it could be that valid user attached in DC1 is at some point routed to DC2 and ASM detect a TS cookie he didn't generated ?&nbsp;

Forum Discussion

ASM Cookie Hijacking

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Changing samesite attribute on ASM TS Cookie

Patching Won't Prevent Compromise & Repos Hijacking June 18th – 24th This Week in Security

ASM not passing client cookies to the node servers

BIG-IP 17.0 ASM Cookie based allow requests

Cookie-based DDoS protection