Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortikar
New Contributor

How to prevent information disclusore by renaming "cookiesession1"?

Hi,

For the first HTTP/HTTPS request from a client, FortiWeb embeds a cookie in the response’s Set-Cookie: field in the HTTP header. It is named cookiesession1. you will see this cookie name (coockiesession1) if you capture a HTTP/HTTPS packet Since this is a uniqe cookie name, a disclusore happened becuase the attacker notices that there is a fortiweb appliance on the traffic of backend servers. my question is How can i rename "cookiesession1" in order to prevent information disclusore from our network?

2 REPLIES 2
emnoc
Esteemed Contributor III

Good question

 

I believe in your waf security policy you can set cookie name and define a cookie name. In all fairness, you should be using https and encrypted cookie response but in this case you want to not use cookiesession1 as common cookie name in the response.

 

e.g ( using www.fortinet.com ) 

 

Set-Cookie: cookiesession1=678A3E62IJKLMNQRSTUV012456780E56;Expires=Thu, 14 Jul 2022 12:06:20 GMT;Path=/;HttpOnly

 

That tells me they have a fortinet product stuck in the path ;) Search for "set cookie_name"  in the cli guide and give us an update if you do figure it out.

 

Ken Felix

 

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
fortikar
New Contributor

emnoc wrote:

Good question

 

I believe in your waf security policy you can set cookie name and define a cookie name. In all fairness, you should be using https and encrypted cookie response but in this case you want to not use cookiesession1 as common cookie name in the response.

 

e.g ( using www.fortinet.com ) 

 

Set-Cookie: cookiesession1=678A3E62IJKLMNQRSTUV012456780E56;Expires=Thu, 14 Jul 2022 12:06:20 GMT;Path=/;HttpOnly That tells me they have a fortinet product stuck in the path ;) Search for "set cookie_name"  in the cli guide and give us an update if you do figure it out. Ken Felix 

 

 

unfortunately there isn't any content. i reviewed all of available fortiweb documents and i didn't see anything. i guess that fortinet has omitted this important subject. and i wish this feature be added to fortiweb on next updates anyway,if this option exists on fortiweb please inform me by your knowledge

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors