Bug ID 1328573

Bug Tracker
ID 1328573

Bug ID 1328573: Illegal repeated header violation is not enforced for cookie header

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Opened: Aug 08, 2023

Severity: 3-Major

Symptoms

When "Allow Repeated Occurrences" is disabled on Cookie header and Illegal Repeated Header violation is enabled in Learning and Blocking settings, the expectation is that any request with multiple Cookie headers will be flagged as alarm/block. However, this does not happen.

Impact

Illegal requests are allowed.

Conditions

1) "Allow Repeated Occurrences" is disabled on Cookie header via Rest. 2) Illegal Repeated Header violation is enabled in Learning and Blocking settings.

Workaround

N/A

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips