Forum Discussion
2 Replies
Sort By
- Jayson_Haxton_2Nimbostratus
I want to prevent someone from adding "%20was%20changed.%20Please,%2 0Visit%20Attacker.com%20because%20this%20page" to the URL.
- Hannes_RappNimbostratus
Use ASM module which is meant for it. Going with iRule is fixing broken bones with band aids.
For mitigating XSS attacks executed via HTTP headers or HTTP URI, a LTM iRule solution would not be that bad. However, for complete mitigation, you also need to look for XSS attacks in POST payload. For that last scenario, a iRule solution is not feasible. It would cause significant degradation of your app performance.