On a website, there is a pop-up that contains an "I agree" button. When the button is clicked, AJAX/cookies update a database table that records the user's acceptance of the terms of use for that website. The Sophos UTM WAF is stopping this from happening. Below is an excerpt from the WAF log:
...
2019:02:17-00:00:05 gateway httpd[13772]: [cookie:error] [pid 13772:tid 3895241584] [client 192.168.0.207:53554] No signature found, cookie: documentheight, referer: www.mysite.com/.../index.php
2019:02:17-00:00:05 gateway httpd[13772]: [cookie:warn] [pid 13772:tid 3895241584] [client 192.168.0.207:53554] Dropping cookie 'documentheight' from request due to missing/invalid signature, referer: www.mysite.com/.../index.php
2019:02:17-00:00:05 gateway httpd[13772]: [cookie:error] [pid 13772:tid 3895241584] [client 192.168.0.207:53554] No signature found, cookie: jqCookieJar_options, referer: www.mysite.com/.../index.php
2019:02:17-00:00:05 gateway httpd[13772]: [cookie:warn] [pid 13772:tid 3895241584] [client 192.168.0.207:53554] Dropping cookie 'jqCookieJar_options' from request due to missing/invalid signature, referer: www.mysite.com/.../index.php
2019:02:17-00:00:05 gateway httpd: id="0299" srcip="192.168.0.207" localip="60.140.60.157" size="216" user="-" host="192.168.0.207" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="208203" url="/support/staff/index.php" server="www.mysite.com" port="443" query="?/Base/AJAX/OnlineStaff&_=1550379595448" referer="www.mysite.com/.../index.php cookie="SWIFT_rememberusername30=TestUser; SWIFT_sessionid20=9RDbhw9CYeDt5r5c3b3c8643aaad49314a80116701th5831d522R4Et8BD59ZOx; SWIFT_sessionid30=koPV2q9t4ed749Nfg67c33881a358962f9dfe443863927bfa9dc40e4hj7DPZ69RSMXzKvIOz1BMriKqyx; sid_admin_cdaf9=69add413d1d54836c7ab0b1bcba38d70-0-A; SWIFT_rememberpassword20=trYIHj%2FyajJm%2FnFAuE3P6SU%2FD8nzl8%2FtFOXr5tw6yzSLjUmIPUxOUzKtRX9us3wG7QfTsCcLO8Cw%2FNy63dNw7jDA%3D%3D; SWIFT_rememberpassword30=trYIHj%2FyajJm%2FnFAuE3P6SU%2FD8nzl8%2FtFOX2w6yzSLjUmIPUxOUzKtRX9hgghG7QfTsCcLO8Cw%2FNy63dNw7jDA%3D%3D; SWIFT_rememberusername20=TestUser" set-cookie="-" websocket_scheme="-" websocket_protocol="-" we
2019:02:17-00:00:05 gateway httpd: bsocket_key="-" websocket_version="-" uid="XGjqVTLwWoEAffXMpUAAAAAc"
...
I'm guessing the cookie is not signed because it is created by JavaScript. This pop-up will display on every page until the database is updated and shows that the user accepted the terms. The JavaScript/AJAX code is in the header template so it is on every page of the site.
What is the best way to fix this? Is there any way other than turning off cookie signing for the entire site?
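The log excerpt above can be triaged mechanically. The Python below is an added example, not code from the original post or from Sophos: it runs over constructed log lines in the same format as the excerpt (the `[cookie:warn] Dropping cookie ...` lines and the `id="0299"` access line with its `cookie="..."` and `set-cookie="..."` fields) and separates cookies the WAF dropped that the backend never issued through Set-Cookie (created in the browser by JavaScript, so the WAF never had a chance to sign them) from cookies the backend did issue but that were still dropped (a real signature mismatch). The IPs, session values and the second access line are constructed; the assumption that the `set-cookie` field holds a single `name=value; attr` string is labelled in the code.

```python
"""Triage Sophos UTM WAF cookie-signing drops from the httpd log.

Added example; not code from the original post or from Sophos. The sample log
lines are constructed to match the format of the excerpt in the post, with
illustrative IPs, session values and a second (login) request.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: two cookies dropped for a missing signature, the access-log
# line for that request (showing which cookies were forwarded), and a later
# request on which the backend issued a session cookie via Set-Cookie.
SAMPLE_LOG = """\
2019:02:17-00:00:05 gateway httpd[13772]: [cookie:error] [pid 13772:tid 3895241584] [client 192.168.0.207:53554] No signature found, cookie: documentheight, referer: www.mysite.com/.../index.php
2019:02:17-00:00:05 gateway httpd[13772]: [cookie:warn] [pid 13772:tid 3895241584] [client 192.168.0.207:53554] Dropping cookie 'documentheight' from request due to missing/invalid signature, referer: www.mysite.com/.../index.php
2019:02:17-00:00:05 gateway httpd[13772]: [cookie:error] [pid 13772:tid 3895241584] [client 192.168.0.207:53554] No signature found, cookie: jqCookieJar_options, referer: www.mysite.com/.../index.php
2019:02:17-00:00:05 gateway httpd[13772]: [cookie:warn] [pid 13772:tid 3895241584] [client 192.168.0.207:53554] Dropping cookie 'jqCookieJar_options' from request due to missing/invalid signature, referer: www.mysite.com/.../index.php
2019:02:17-00:00:05 gateway httpd: id="0299" srcip="192.168.0.207" localip="203.0.113.10" size="216" user="-" host="192.168.0.207" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="208203" url="/support/staff/index.php" server="www.mysite.com" port="443" query="?/Base/AJAX/OnlineStaff&_=1550379595448" referer="www.mysite.com/.../index.php" cookie="SWIFT_rememberusername30=TestUser; SWIFT_sessionid20=EXAMPLESESSION; sid_admin_cdaf9=EXAMPLESID-0-A" set-cookie="-" uid="XGjqVTLwWoEAffXMpUAAAAAc"
2019:02:17-00:00:09 gateway httpd: id="0299" srcip="192.168.0.207" localip="203.0.113.10" size="512" user="-" host="192.168.0.207" method="POST" statuscode="200" reason="-" extra="-" exceptions="-" time="1042" url="/support/staff/index.php" server="www.mysite.com" port="443" query="?/Base/Login" referer="www.mysite.com/.../index.php" cookie="-" set-cookie="SWIFT_sessionid20=EXAMPLESESSION; path=/; HttpOnly" uid="XGjqVTLwWoEAffXMpUAAAAAd"
"""

# Matches the "[cookie:warn] Dropping cookie '...'" lines from the excerpt.
DROP_RE = re.compile(
    r"^(?P<ts>\S+) \S+ httpd\[\d+\]: \[cookie:warn\] \[pid [^\]]*\] "
    r"\[client (?P<client>[^\]]+?):\d+\] Dropping cookie '(?P<name>[^']+)' "
    r"from request due to missing/invalid signature, referer: (?P<referer>\S+)$"
)
# key="value" pairs of the access-log line; values carry no embedded quotes.
KV_RE = re.compile(r'(?P<key>[\w-]+)="(?P<val>[^"]*)"')


@dataclass(frozen=True)
class DroppedCookie:
    timestamp: str
    client: str
    name: str
    referer: str


def parse_dropped(log_text):
    """One record per cookie the WAF dropped for a missing/invalid signature."""
    return [DroppedCookie(m["ts"], m["client"], m["name"], m["referer"])
            for m in map(DROP_RE.match, log_text.splitlines()) if m]


def parse_access_fields(line):
    """Parse the key="value" fields of an access-log line into a dict."""
    return dict(KV_RE.findall(line))


def access_records(log_text):
    """Yield parsed access-log lines (those carrying cookie= and set-cookie=)."""
    for line in log_text.splitlines():
        fields = parse_access_fields(line)
        if "cookie" in fields and "set-cookie" in fields:
            yield fields


def _cookie_names(header):
    """Names from a raw Cookie header value 'a=1; b=2'; '-' means none logged."""
    if header == "-":
        return set()
    return {p.strip().partition("=")[0] for p in header.split(";") if p.strip()}


def forwarded_cookie_names(log_text):
    """Cookie names the WAF actually passed on to the backend."""
    names = set()
    for rec in access_records(log_text):
        names |= _cookie_names(rec["cookie"])
    return names


def backend_set_cookie_names(log_text):
    """Cookie names the backend issued via Set-Cookie.

    Assumption: the set-cookie field holds 'name=value; attr; attr', so only
    the first ';'-separated segment is the cookie name.
    """
    names = set()
    for rec in access_records(log_text):
        if rec["set-cookie"] != "-":
            names.add(rec["set-cookie"].split(";", 1)[0].partition("=")[0].strip())
    return names


def dropped_cookie_counts(log_text):
    """How often each cookie name was dropped."""
    return dict(Counter(c.name for c in parse_dropped(log_text)))


def triage(log_text):
    """Split dropped cookies into two buckets.

    client_side: never issued by the backend, so created in the browser by
    JavaScript; a signing WAF had nothing to sign and drops them by design.
    signature_mismatch: issued by the backend yet still dropped; worth a look
    (tampering, signing-key change, or a cookie rewritten client-side).
    """
    dropped = set(dropped_cookie_counts(log_text))
    issued = backend_set_cookie_names(log_text)
    return {"client_side": dropped - issued, "signature_mismatch": dropped & issued}


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {sorted(names)}")
```

Run it against the real WAF log instead of `SAMPLE_LOG` to get the exact list of client-side cookie names; that list is what any narrower fix than disabling cookie signing site-wide has to cover.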