Bug ID 1069441: Cookie without '=' sign does not generate rfc violation

Last Modified: Dec 14, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.1.1, 15.1.10

Opened: Dec 21, 2021

Severity: 3-Major


If a request includes a Cookie header that only contains the name of the cookie without an equal sign (=) and a corresponding value, it might not result in a violation as expected according to the RFC (Request for Comments) specifications.


The request is not blocked.


-Set Cookie not RFC-compliant to 'Block' -Request with Cookie header with name only, for example 'Cookie:a'



Fix Information

The request is blocked and reported with "Cookie not RFC-compliant violation"

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips