iRule to prevent XSS attack

Question

How would I write an iRule to prevent an XSS attack on an HTTPS site.&nbsp;

jayson_haxton_2 · Answer

I want to prevent someone from adding "%20was%20changed.%20Please,%2
0Visit%20Attacker.com%20because%20this%20page" to the URL.&nbsp;

hannes_rapp · Answer

Use ASM module which is meant for it. Going with iRule is fixing broken bones with band aids.&nbsp;
For mitigating XSS attacks executed via HTTP headers or HTTP URI, a LTM iRule solution would not be that bad. However, for complete mitigation, you also need to look for XSS attacks in POST payload. For that last scenario, a iRule solution is not feasible. It would cause significant degradation of your app performance.&nbsp;

Forum Discussion

iRule to prevent XSS attack

2 Replies

Recent Discussions

rSeries and tenant upgrades

redirect not working

cat and grep command for rst messages

iRule resulting in too many redirects

When F5OS r2800 appliance reboots, interfaces configured at tenant level for VLAN are lost

Related Content

Guarding Large Language Models: Advanced Approaches to Preventing Model Theft

ESRP Strategies: DNS Water Torture Attack

Prevent some SQL attacks

Juice jacking attack and State-funded attacks - April 15th - 21st - This Week in Security

Re: SSL Renegotiation DOS attack – an iRule Countermeasure