Follow

Q&A: What cookies are leveraged in Silverline WAF?

Question

  • How do cookies work in Silverline?
  • How can I identify Silverline cookies in the client traffic?

Environment

  • Silverline WAF
  • BIG-IP ASM
  • Proxy/Proxies
  • Cookies

Answer

  • The TS cookie is set by our infrastructure (BIG-IP ASM), and is an integral part of the Security Silverline offers. The BIG-IP ASM system validates these cookies returning from the clients to ensure that the cookies are not modified.
  • The ASM Main cookie is inserted into HTTP responses to client requests. The ASM Main cookie serves the following functions:

    • Validates domain cookies and qualifying subdomain cookies: The ASM Main cookie verifies that the domain and subdomain cookies that are sent from the webserver to the client are not altered. The BIG-IP ASM system parses HTTP responses from the webserver for the Set-Cookie header. If the Set-Cookie header is present, the BIG-IP ASM system performs a hash on the cookie and inserts the hash value into the ASM Main cookie.
    • Detects session expiration: The BIG-IP ASM system uses the ASM Main cookie to track user sessions for session expiration.
    • Validates the integrity of the ASM Frame or Feature cookies: The ASM Main cookie verifies the integrity of the ASM Frame or Feature cookies to ensure they are not altered.
  • The ASM Main cookie name structure contains eight hexadecimal characters (TSxxxxxxxx).

Related Content

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request