PowerShellDon_1
Nov 22, 2016Nimbostratus
ASM | Too many cookies in the request
Hi
I am getting some (what i believe to be) legit requests blocked by ASM. The violation is
'Modified domain cookie(s)
, but when i click it to get more info on the violation i get;
Too many cookies in the request. Cannot provide complete violation details.
This is a site that serves our authentication mechanism using OpenID. It's an authentication cookie that has been duplicated and now has 55 instances of the token (55 cookies, same name, different unique values)
Questions
- Is the violation due to the high number of cookies? Or has the ASM cookie actually been modified?
- Can i allow for this to happen? I suspect there is something our devs can change but in the mean time, i don't want to block customers from logging in due to this.
Headers total at ~ 4500 bytes so it's not hitting any max-header size rules.