Bug ID 703678: Cannot add 'secure' attributes to several ASM cookies

Last Modified: Nov 23, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 16.0.0, 16.0.0.1, 16.0.1

Opened: Jan 25, 2018
Severity: 3-Major

Symptoms

There is an option to add 'secure' attribute to ASM cookies. There are some specific cookies which this option does not apply on.

Impact

Some cookies do not have the 'secure' attributes.

Conditions

-- ASM policy is attached to the virtual server. -- Internal parameter 'cookie_secure_attr' flag is enabled, along with either of the following: + Using HTTPS traffic. + The 'assume https' internal parameter is also enabled. -- Along with one of the following: + Web Scraping' feature is enabled. + 'Bot Detection' feature is enabled. + The 'brute force' feature is enabled using CATPCHA.

Workaround

None.

Fix Information

None

Behavior Change