It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Cookie Tampering Attacks Logged When the Barracuda Web Application Firewall Is Initially Deployed

  • Last updated on

The Barracuda Web Application Firewall's default security policy signs all outgoing cookies. The Barracuda Web Application Firewall appends a digital signature to any web server cookie before delivering it to the client’s browser. When a subsequent request from the client returns the cookie, the Barracuda Web Application Firewall intercepts the request and verifies its signature. If the cookie is intact, the Barracuda Web Application Firewall forwards the original cookie to the server. If the cookie has been altered, signature verification fails, and the Barracuda Web Application Firewall removes the cookie and forwards the request to the server without the cookie.

When the Barracuda Web Application Firewall is deployed in front of your production web Server, all new cookies sent out by the web application are signed. Note that before deploying the Barracuda Web Application Firewall, many clients may already have cookies cached in their browsers. When the Barracuda Web Application Firewall encounters pre-existing, non-signed cookies, it interprets them as altered cookies and displays them as a Cookie Tampered message on the BASIC > Web Firewall Logs page.

These log entries gradually disappear as the old cookies expire and the web application sends new cookies, signed by the Barracuda Web Application Firewall.

The cookie security feature also checks for any incoming cookies. If any of the client sends them in a plain text format without the barracuda signature or encryption, the WAF shall drop such cookies and raise a noticed in the web firewall logs.

Related Articles

How to Secure HTTP Cookies