Bug ID 904053: Unable to set ASM Main Cookie/Domain Cookie hashing to Never

Last Modified: Sep 18, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 16.0.0,

Opened: Apr 26, 2020
Severity: 3-Major


Disabling ASM Main Cookie/Domain Cookie hashing in a Policy's Learning and Blocking Setting with 'Never (wildcard only)' does not stop the ASM Main Cookie from continuing to hash server-provided cookies.


A sufficient number of ASM Main Cookies and/or a sufficiently large number of cookies for each ASM Main cookie to hash can result in the HTTP header becoming prohibitively large, causing traffic to be refused by the server.


-- ASM enabled. -- Learning mode enabled for Policy. -- Learn New Cookies set to 'Never (wildcard only)' instead of default 'Selective'.


Disable Learning mode for the Policy disables Cookie hashing. Note: This affects all learning, not just Cookie hashing.

Fix Information


Behavior Change