cancel
Showing results for 
Search instead for 
Did you mean: 

Good or bad cookie

Hi,

how can I check cookies whether they are good e.g. used for shopping sites or bad, used for phishing information.

And then blog or forward the cookie.

Thanks

Robert

0 Kudos
5 Replies
sroering
Level 13

Re: Good or bad cookie

I'm not sure how cookies could be used for phishing. They are essentially a method of storing data and don't execute any code or have the ability to spread malware. Do you have an example of the larger problem you are trying to solve?

0 Kudos

Re: Good or bad cookie

HI sroering,

simply I want to block all cookies and alow only those we realy need.

Needed cookies could bo those for shopping sites.

Robert

0 Kudos
sroering
Level 13

Re: Good or bad cookie

So you are really talking about an arbitrary list. Perhaps you have a ruleset that removes all cookies for sites not in your safe category list.  But that's not going to protect you if a site is setting cookies using javascript.

0 Kudos

Re: Good or bad cookie

No I do not have a rule set that removes all cookies. :-(

It will help me a lot if you could tell me how such a rule set has to look like in MWG 7 .

I am aware that there is rest of risk of cookies generated by script.

Thanks

Robert

0 Kudos
asabban
Level 17

Re: Good or bad cookie

Hi Robert,

when a web site tries to set a cookie it will send a "Set-Cookie" header in the response. You could try to use the "Header.RemoveAll" event to remove the header before a response makes it to the client. So the client will not be instructed to set a cookie.

You can apply this for all web sites and use the rule criteria to set exceptions, for example only execute the rule if the web site is NOT in the shopping category.

Best,

Andre

0 Kudos