What is the best way to block ajax requests?

Question

I have a page running behind the F5, the application makes queries to a database through AJAX, however for a programming error they left part of the code open, and after the time we discovered that a user made queries from an application through the page through AJAX requests.&nbsp;
The error of the code was solved, blocking those queries.&nbsp;
The query is: what is the best way (with an IRULE LTM, ASM, etc.) to block all AJAX queries that come from a user?&nbsp;
Thank you very much.&nbsp;

nathe · Answer

What about an irule like this?
when HTTP_REQUEST { 
if { [HTTP::header "X-Requested-With" ] equals "XMLHttpRequest" } { 
drop 
   } 
 }

Or a custom ASM signature with the following rule?
headercontent:"XMLHttpRequest"; nocase;
To be honest, a bit of a punt this. Other DCers may come back and highlight major errors with these approaches 🙂

Forum Discussion

What is the best way to block ajax requests?

1 Reply

Recent Discussions

APM OCSP Responder Issues

no available managed rule groups for Israel il-central-1

[ASM] - what is "Browser Challange file" ?

Rewrite uri translation not working

About shun list for L7 DDoS?

Related Content

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

ASM blocked request contains & (ampersand) symbol in parameter value

Block traffic

Block requests by reverse DNS record

Distributed caching of authentication requests with NGINX Ingress Controller