Bug ID 604612: Modified ASM cookie violation happens after upgrade to 12.1.x

Last Modified: Apr 10, 2019

Affected Product:
BIG-IP ASM, Install/Upgrade(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2

Fixed In:
13.0.0, 12.1.2

Opened: Jul 13, 2016
Severity: 3-Major
Related AskF5 Article:
K20323120

Symptoms

False-positive modified ASM cookie violations. Other false-positive cookie-related violations may also occur.

Impact

False-positive violations. A blocking page is shown if the modified ASM cookie violation is set to blocking (which is the default for this violation when the policy is in blocking state).

Conditions

System upgraded to 12.1.x. Existing end users are connected with their browsers to the site.

Workaround

There are three options:

A. Set the modified ASM cookie violation to transparent for some time after the upgrade.

B. Use the erase cookie blocking page as the default blocking page for some time after the upgrade.

C. Use an iRule similar to the following:

    # Runs once ASM has finished processing the request.
    when ASM_REQUEST_DONE {
        # Act only when the modified ASM cookie violation was raised.
        if {[ASM::violation names] contains "VIOLATION_MOD_ASM_COOKIE"} {
            log local0. "remove TS01d2cce8 cookie"
            # Redirect the client and expire the old TS cookie so the browser discards it.
            # The cookie name and redirect URL are examples; substitute your own values.
            HTTP::respond 302 Location "http://sub.some_domain.com/index.html?[ASM::support_id]" "Set-Cookie" "TS01d2cce8=deleteOldTSCookie;expires=Thu, 01 Jan 1970 00:00:01 GMT"
        }
    }

Fix Information

Modified ASM cookie violation no longer happens after upgrade to this version.

Behavior Change