Forum Discussion

PowerShellDon_1
Nov 22, 2016

ASM | Too many cookies in the request

Hi

I am getting some (what I believe to be) legit requests blocked by ASM. The violation is 'Modified domain cookie(s)', but when I click it to get more info on the violation I get:

Too many cookies in the request. Cannot provide complete violation details.

This is a site that serves our authentication mechanism using OpenID. It's an authentication cookie that has been duplicated and now has 55 instances of the token (55 cookies, same name, different unique values).

Questions

  • Is the violation due to the high number of cookies? Or has the ASM cookie actually been modified?
  • Can I allow for this to happen? I suspect there is something our devs can change, but in the meantime I don't want to block customers from logging in due to this.

Headers total at ~ 4500 bytes so it's not hitting any max-header size rules.

2 Replies

  • The quickest way to deal with this violation is to accept the learning suggestion for it. If you go to the Traffic Learning page, you should be able to locate the violation and accept a suggestion from there. If not, go to the blocking settings page and uncheck the "Block" option for that violation. That will allow your users to connect unimpeded.


  • I believe that ASM will detect this as a violation because this condition (55 cookies with the same name/different values) actually breaks the RFC standard for cookies.

    RFC 6265 states:

    "Servers SHOULD NOT include more than one Set-Cookie header field in the same response with the same cookie-name"
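The thread turns on one condition: a single Cookie header carrying the same cookie name many times. The following Python script is an added example for this page, not F5 ASM code and not the original poster's; every input in it is constructed. It does two things a practitioner would want before touching blocking settings: it parses a Cookie header into an ordered list (a dict keyed by name would silently collapse the duplicates and hide the condition ASM is reporting) and counts repeated names, and it shows one mechanism by which duplicates arise. Per RFC 6265 section 5.3 a stored cookie is identified by (name, domain, path), so the same name set with different Path or Domain attributes becomes separate cookies that the client sends together. The thread does not say what caused its 55 copies; the hostnames, paths and cookie name below are hypothetical, and the jar logic is a simplified model, not a browser's.

```python
"""Duplicate cookie names in one Cookie header: detect them and show one way
they arise.

Added example for this thread; not F5 ASM code and not the poster's code.
All inputs are constructed. Hostnames, paths and the cookie name are
hypothetical; the jar model is a simplification of RFC 6265 section 5.3.
"""
from collections import Counter
from typing import Dict, List, Tuple

CookiePair = Tuple[str, str]
Jar = Dict[Tuple[str, str, str], str]  # (domain, path, name) -> value


def parse_cookie_header(header: str) -> List[CookiePair]:
    """Split a Cookie header into ordered (name, value) pairs, keeping duplicates.

    Loading the header into a dict keyed by name would keep one value per
    name and hide exactly the condition a WAF reports.
    """
    pairs: List[CookiePair] = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if not sep or not name.strip():
            continue  # not a cookie-pair; skip rather than guess
        pairs.append((name.strip(), value.strip()))
    return pairs


def duplicate_cookie_names(pairs: List[CookiePair]) -> Dict[str, int]:
    """Names that occur more than once in the header, with their counts."""
    counts = Counter(name for name, _ in pairs)
    return {name: n for name, n in counts.items() if n > 1}


def store_set_cookie(jar: Jar, host: str, set_cookie: str) -> None:
    """Store one Set-Cookie value the way a client does (simplified RFC 6265 5.3).

    Only Path and Domain are honoured; Secure, HttpOnly and Expires are ignored.
    Without a Domain attribute the request host is used; without Path, "/".
    """
    first, *attrs = [p.strip() for p in set_cookie.split(";")]
    name, _, value = first.partition("=")
    domain, path = host, "/"
    for attr in attrs:
        key, _, val = attr.partition("=")
        if key.lower() == "path" and val:
            path = val
        elif key.lower() == "domain" and val:
            domain = val.lstrip(".")
    # The identity is (domain, path, name): a different Path or Domain
    # creates a new cookie instead of replacing the existing one.
    jar[(domain, path, name.strip())] = value.strip()


def cookie_header_for(jar: Jar, host: str, request_path: str) -> str:
    """Serialise every stored cookie matching host and path into a Cookie header.

    Domain-match is a suffix check and path-match a prefix check (simplified).
    """
    sent = []
    for (domain, path, name), value in jar.items():
        domain_ok = host == domain or host.endswith("." + domain)
        path_ok = request_path == path or request_path.startswith(path.rstrip("/") + "/")
        if domain_ok and path_ok:
            sent.append(f"{name}={value}")
    return "; ".join(sent)


def duplicated_auth_cookie_demo() -> Tuple[str, Dict[str, int]]:
    """Constructed scenario: one cookie name set three times with differing scope."""
    jar: Jar = {}
    host = "login.example.com"  # hypothetical host
    for sc in (
        "auth_token=tok-one; Path=/; HttpOnly",
        "auth_token=tok-two; Path=/openid; HttpOnly",
        "auth_token=tok-three; Path=/; Domain=example.com; HttpOnly",
    ):
        store_set_cookie(jar, host, sc)
    header = cookie_header_for(jar, host, "/openid/callback")
    return header, duplicate_cookie_names(parse_cookie_header(header))


if __name__ == "__main__":
    header, dups = duplicated_auth_cookie_demo()
    print(header)  # three auth_token pairs in one Cookie header
    print(dups)    # {'auth_token': 3}
```

Run it against a captured Cookie header (for example one pasted from the ASM request log) with `duplicate_cookie_names(parse_cookie_header(header))` to confirm whether the duplicates are really present before relaxing the violation. The demo also illustrates why the fix belongs with the application: a server that re-issues the same cookie name under a varying Path or Domain keeps accumulating instances on the client until they expire or are cleared.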