Bug ID 1284073: Cookies are truncated when number of cookies exceed "max_enforced_cookies"

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.1.1

Opened: Apr 02, 2023

Severity: 3-Major

Symptoms

When request contains more cookies than configured in "max_enforced_cookies", and if parameter "strip_asm_cookies" is enabled, then cookie header is truncated and not all cookies reach the server.

Impact

Not all cookies reach server.

Conditions

- ASM is provisioned. - Request contains more cookies than configured in "max_enforced_cookies". - Parameter "strip_asm_cookies" is enabled.

Workaround

Disable internal parameter "strip_asm_cookies". Disabling the database key makes the behavior similar to the behavior in BIG-IP version 14, for more information see article K30023210. If the old behavior prior to BIG-IP version 14 is not desired, on top of disabling the sys db key, use the solution that is used to apply with versions prior to BIG-IP version 14 that is an iRule to remove TS cookie from server-side. For more information, see article K66438993.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips