Bug ID 1284073: Cookies are truncated when number of cookies exceed the value configured in "max_enforced_cookies"

Last Modified: Dec 18, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3

Fixed In:
17.1.1, 16.1.5

Opened: Apr 02, 2023

Severity: 3-Major

Symptoms

When a request contains more cookies than configured in “max_enforced_cookies” and the “strip_asm_cookies” parameter is enabled, the cookie header is truncated and not all the cookies reach the server.

Impact

All the cookies do not reach the server.

Conditions

Occurs when - ASM is provisioned. - Request contains more cookies than configured in “max_enforced_cookies”. - Parameter “strip_asm_cookies” is enabled.

Workaround

-- Disable the internal parameter “strip_asm_cookies”. -- Disabling the database key makes the behavior similar to the behavior in BIG-IP version 14. For more information, see K30023210. -- If you don’t want the old behavior before BIG-IP version 14, you can use the same solution as for versions before BIG-IP version 14: disable the sys db key. You can also use an iRule to remove the TS cookie from the server side. For more information, see K66438993.

Fix Information

Skipping the removal of ASM cookies when the cookies are more than max_enforced_cookies.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips