Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM, Install/Upgrade
Known Affected Versions:
12.1.0, 12.1.1
Fixed In:
13.0.0, 12.1.2
Opened: Jul 13, 2016 Severity: 3-Major Related Article:
K20323120
False positive modified ASM cookie violation. Perhaps other false positive cookie related violations.
False positive violations. A blocking page will be shown in case the modified ASM cookie is set to blocking (which is the default for this violation in case the policy is in blocking state).
System upgraded to 12.1.x. Existing end users are connected with their browsers to the site.
There are three options: A. Set the modified ASM cookie violation to transparent after an upgrade for some time after the upgrade. B. Use the erase cookie blocking page as the default blocking page for some time after the upgrade. C. Use an iRule similar to the following: when ASM_REQUEST_DONE { if {[ASM::violation names] contains "VIOLATION_MOD_ASM_COOKIE"} { log local0. "remove TS01d2cce8 cookie" HTTP::respond 302 Location "http://sub.some_domain.com/index.html?[ASM::support_id]" "Set-Cookie" "TS01d2cce8=deleteOldTSCookie;expires=Thu, 01 Jan 1970 00:00:01 GMT" }
Modified ASM cookie violation no longer happens after upgrade to this version.