BIG-IP Next v20.3.0 (latest) BIG-IP Next v20.2.1 BIG-IP Next v20.2.0 BIG-IP Next v20.1.0 BIG-IP Next v20.0.2
  • Release Notes
  • Install BIG-IP Next
  • BIG-IP Next Central Manager
  • WAF Management
  • iRules
  • Support and Troubleshooting
  • Attribution Reports
  • API Specification
On this page:
  • Overview: WAF Cookie Protection
    • Cookie Protection on BIG-IP Next Central Manager
    • Cookie Protection in BIG-IP Next Central Manager’s Policy Editor
  • CloudDocs Home > BIG-IP Next > Overview: WAF Cookie Protection

Version notice:

Overview: WAF Cookie Protection¶

Many web-based applications use cookies to help users navigate the website efficiently and perform certain functions. For example, web servers may use cookies to authenticate users logging in to secure applications, or an application can use cookies to store user preferences. Whether using automatic policy building or manually creating a security policy, you may want to add cookies that the web application uses.

You may want a security policy to ignore certain known and recognized cookie headers that are included in HTTP requests. For example, if cookies can change on the client side legitimately, you can create allowed cookies.

You may also want a security policy to prevent changes to specific cookies, such as session-related cookies that are set by the application. If so, you can create enforced cookies. The cookie in the request must not be modified, or it generates the Modified Domain Cookie violation. For more information about cookie violations, see Reference: Cookie Enforcement.

How to manage cookie enforcement:

Cookie Protection on BIG-IP Next Central Manager¶

  • Manage Cookies on BIG-IP Next Central Manager

  • API examples: Manage cookies

  • Reference: Cookie Enforcement

Cookie Protection in BIG-IP Next Central Manager’s Policy Editor¶

  • How to: Set Enforcer Cookie Settings

Previous Next
Leave Feedback [+]