Bug ID 703678: Cannot add 'secure' attributes to several ASM cookies

Last Modified: Sep 23, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4, 16.0.0,, 16.0.1,,, 16.1.0

Opened: Jan 25, 2018
Severity: 3-Major


There is an option to add 'secure' attribute to ASM cookies. There are some specific cookies which this option does not apply on.


Some cookies do not have the 'secure' attributes.


-- ASM policy is attached to the virtual server. -- Internal parameter 'cookie_secure_attr' flag is enabled, along with either of the following: + Using HTTPS traffic. + The 'assume https' internal parameter is also enabled. -- Along with one of the following: + Web Scraping' feature is enabled. + 'Bot Detection' feature is enabled. + The 'brute force' feature is enabled using CATPCHA.



Fix Information


Behavior Change