Message Image

Skip main navigation (Press Enter).

Imperva Cyber Community

View Only

Back to discussions

Expand all | Collapse all

Cloud WAF : Cookie Poisoning/Tampering protection

Jump to Best Answer

Worachat Sarsa05-17-2021 04:30

Hi, Is there any way to configure cookie protection policy like Cookie Signing Policy or Profile Policy's ...

Jaired Anderson07-01-2021 10:18Best Answer

Hi Worachat, Unfortunately, Cloud WAF currently does not support the same cookie tampering features ...

1. Cloud WAF : Cookie Poisoning/Tampering protection

1 Like
Worachat Sarsa
Posted 05-17-2021 04:30
Hi,

Is there any way to configure cookie protection policy like Cookie Signing Policy or Profile Policy's cookie tampering rule in SecureSphere?
The current available filters in custom rule seems to allow putting static value to check only.
Is there a way to make Cloud WAF remember web application's cookie for each session and prevent it from being altered?

Thanks.

#CloudWAF(formerlyIncapsula)

------------------------------
Worachat Sarsa
SE
Exclusive Networks TH
Huaykwang
------------------------------
2. RE: Cloud WAF : Cookie Poisoning/Tampering protection
Best Answer

1 Like
Jaired Anderson
Posted 07-01-2021 10:18
Hi Worachat,

Unfortunately, Cloud WAF currently does not support the same cookie tampering features as in SecureSphere.

There is an existing feature request to add this functionality to CWAF. Please vote on this request via UserVoice.

https://imperva.uservoice.com/forums/924106-application-security/suggestions/39275503-cookie-signing-cookie-injection-cookie-tampering-p

Thank you.

Original Message

Powered by Higher Logic