Forum Discussion

Nimbostratus

4 years ago

ASM / WAF : block request containing certain string?

I have added as much XSS blocking to a policy as possible. A request containing onmouseover or onclick or .... ="alert('hello')" is blocked fine.

But when it's coded like onmouseover or onclick or .... ="self['\x....... the ASM accepts this as valid.

Can I block a request with this parameter value?

How do I achieve this?

1 Reply

aglinka
Nimbostratus
4 years ago
Please give example of Your blocking rule You are currently implementing.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM / WAF : block request containing certain string?

1 Reply

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

Query on source IP preservation for syslog traffic through F5 virtual server

Related Content

F5OS restarting container services through REST API

F5 Container Ingress Services (CIS) deployment using Cilium CNI and static routes

F5 partners with Chainguard to offer NGINX Plus in security-hardened containers

Knowledge sharing: Containers, Kubernetes, Openshift, F5 Container Connector, NGINX Ingress

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS