Forum Discussion

Nimbostratus

Jul 29, 2021

ASM / WAF : block request containing certain string?

I have added as much XSS blocking to a policy as possible. A request containing onmouseover or onclick or .... ="alert('hello')" is blocked fine.

But when it's coded like onmouseover or onclick or .... ="self['\x....... the ASM accepts this as valid.

Can I block a request with this parameter value?

How do I achieve this?

ASM Advanced WAF

ASM WAF

security

1 Reply

aglinka
Nimbostratus
Jul 30, 2021
Please give example of Your blocking rule You are currently implementing.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM / WAF : block request containing certain string?

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Need Advice on below issue

SSO login for APM Profiles

Virtual Server Configuration requirements for ISO 8583 traffic (Single persistent TCP session)

threat hunting guide

Webtop which has VNC for macos users

Related Content

Knowledge sharing: Containers, Kubernetes, Openshift, F5 Container Connector, NGINX Ingress

ASM blocked request contains & (ampersand) symbol in parameter value

Logging DNS Requests

Scaling Containers

Enable Consistent Application Services for Containers with CIS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS