
OWASP A2 HTTP Cookie Protection

Hello all,

I'm looking for any information regarding configuration of HTTP cookie protection on ASM v12.1.2. I understand automatic policy builder includes this protection when using enhanced and comprehensive policy types but when using the manual policy builder, this must be manually configured (am I correct?). Is there any documentation on how to configure this? At a dead end...

Thanks!

Toneman

Comments on this Question
Comment made 4 months ago by Shann_P 352

I was under the impression that this was default with ASM as I've never had to configure it. ASM adds in a Traffic Shield cookie that is a key/value pair with the cookie itself so that if the cookie is altered or the TS cookie is altered, the violation is thrown.

Just my experience with ASM.

Comment made 4 months ago by toneman172 56

Thanks for the reply. One of the ASM controls addressing A2 is "HTTP cookie protection (Enhanced)". In the BIG-IP ASM Operations Guide (September 2017) pg. 35, the guide reads "Where applicable, the policy type that automatically includes the mechanism is listed in parenthesis". "Fundamental", "Enhanced", and "Comprehensive" are listed in parenthesis following this statement for various ASM controls in Table 4.1 OWASP Compliance which, I believe, implies that if you are not using the Automatic Policy Builder (that contains these three policy types) it must be configured manually. Since I'm using the manual method, I'm concerned that this protection is not enabled.

Thanks!


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

toneman172,

The feature you are after is Enforced Cookies. Configuring a cookie as Enforced protects it against modification. See the v12 Implementation Guide for further information, including how to set this up: Implementation Guide - About Cookies

Hope this helps,

N

Comments on this Answer
Comment made 4 months ago by toneman172 56

This looks like what I've been after. Thanks N!

Comment made 4 months ago by nathan 6927

No probs

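The tamper check described in the comments and the Enforced setting from the accepted answer, as a conceptual sketch added here (not from the thread and not F5's code): a keyed companion cookie binds each enforced cookie to the value the server set, and any mismatch is reported as a violation. The key, the cookie names and the `XS_integrity` format are assumptions for illustration and do not reproduce the ASM TS cookie.

```python
import hashlib
import hmac

# Assumptions for this sketch: a proxy-side secret, the set of cookies
# configured as enforced, and a hypothetical companion cookie name.
SECRET = b"constructed-demo-key"
ENFORCED = {"session_role"}
COMPANION = "XS_integrity"


def _tag(name: str, value: str) -> str:
    """HMAC-SHA256 binding a cookie name to the value the server set."""
    msg = name.encode() + b"\x00" + value.encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def protect_response(cookies: dict) -> dict:
    """Return the outgoing cookies plus a companion cookie covering enforced ones."""
    tags = [f"{n}:{_tag(n, v)}" for n, v in sorted(cookies.items()) if n in ENFORCED]
    out = dict(cookies)
    if tags:
        out[COMPANION] = "|".join(tags)
    return out


def check_request(cookies: dict) -> list:
    """Return one violation per enforced cookie that fails the integrity check."""
    signed = {}
    for part in cookies.get(COMPANION, "").split("|"):
        name, sep, tag = part.partition(":")
        if sep:
            signed[name] = tag
    violations = []
    for name in sorted(ENFORCED & cookies.keys()):
        expected = _tag(name, cookies[name]).encode()
        # Constant-time compare; a missing or altered companion entry fails too.
        if not hmac.compare_digest(signed.get(name, "").encode(), expected):
            violations.append(f"modified cookie: {name}")
    return violations
```

Cookies outside the enforced set (here a constructed `theme` cookie) pass through unchecked, which is why a cookie has to be listed as enforced before modification is detected.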