CSRF protection if HTTP response is compressed

Question

Hi, we plan to enable CSRF protection on the F5. As per the below solution, under the requirements it states that the response should NOT be compressed. - 
https://support.f5.com/kb/en-us/solutions/public/11000/900/sol11930.html&nbsp;
Is this referencing the response from the server or from the F5?&nbsp;
thnx&nbsp;

binarycanary_19 · Answer

It's server-side response. 
The solution says that: ASM modifies the response in order to insert the CSRF javascript, and it only does it for responses that contain  taghtml, and which are uncompressed.

Forum Discussion

CSRF protection if HTTP response is compressed

1 Reply

Recent Discussions

google autenticator broken barcode

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Related Content

Beyond REST: Protecting GraphQL

L7 DoS Protection with NGINX App Protect DoS

Introduction of Incident Response

F5 Distributed Cloud Bot Defense Protecting AWS CloudFront Distributions

Cookie-based DDoS protection