Last Modified: Jul 24, 2024
Affected Product(s):
BIG-IP ASM
Fixed In:
17.1.1, 16.1.5
Opened: Apr 02, 2023 Severity: 3-Major
When request contains more cookies than configured in "max_enforced_cookies", and if parameter "strip_asm_cookies" is enabled, then cookie header is truncated and not all cookies reach the server.
Not all cookies reach server.
- ASM is provisioned. - Request contains more cookies than configured in "max_enforced_cookies". - Parameter "strip_asm_cookies" is enabled.
Disable internal parameter "strip_asm_cookies". Disabling the database key makes the behavior similar to the behavior in BIG-IP version 14, for more information see article K30023210. If the old behavior prior to BIG-IP version 14 is not desired, on top of disabling the sys db key, use the solution that is used to apply with versions prior to BIG-IP version 14 that is an iRule to remove TS cookie from server-side. For more information, see article K66438993.
None