Bug ID 1036969: Chrome sometimes ignores cross-site bot-defense cookies

Last Modified: Apr 17, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,,

Opened: Jul 28, 2021

Severity: 3-Major


Chrome ignores cross-site bot-defense cookies when bot-defense is sending 307 redirect.


The other site/domain resource will not display correctly on Chrome


A site is using another site/domain resources that are also protected by bot-defense


iRule work-around based on:https://devcentral.f5.com/s/articles/iRule-to-set-SameSite-for-compatible-clients-and-remove-it-for-incompatible-clients-LTM-ASM-APM. Or, disabling simple redicret via TMSH: tmsh modify sys db dosl7.proactive_defense_simple_redirect { value "disable" } tmsh modify sys db dosl7.proactive_defense_simple_redirect_on_grace { value "disable" }

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips