Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP ASM, Install/Upgrade
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2
Fixed In:
13.0.0, 12.1.2
Opened: Jul 13, 2016
Severity: 3-Major
Related Article:
K20323120
False positive modified ASM cookie violation. Perhaps other false positive cookie related violations.
False positive violations. A blocking page will be shown in case the modified ASM cookie is set to blocking (which is the default for this violation in case the policy is in blocking state).
System upgraded to 12.1.x. Existing end users are connected with their browsers to the site.
There are three options: A. Set the modified ASM cookie violation to transparent after an upgrade for some time after the upgrade. B. Use the erase cookie blocking page as the default blocking page for some time after the upgrade. C. Use an iRule similar to the following: when ASM_REQUEST_DONE { if {[ASM::violation names] contains "VIOLATION_MOD_ASM_COOKIE"} { log local0. "remove TS01d2cce8 cookie" HTTP::respond 302 Location "http://sub.some_domain.com/index.html?[ASM::support_id]" "Set-Cookie" "TS01d2cce8=deleteOldTSCookie;expires=Thu, 01 Jan 1970 00:00:01 GMT" }
Modified ASM cookie violation no longer happens after upgrade to this version.
