Forum Discussion

mikegray_198028

Cirrus

Dec 02, 2015

can we block Cross-site scripting (XSS) in LTM

Hello, is there any possibility to block Cross-site scripting (XSS) in LTM module using Irule?

Nimbostratus

Dec 02, 2015

One could probably hobble something together in an iRule (there might even be some iRules for that in the codeshare area). Here is an example someone suggested.

This is really what ASM is for, however. That is tested and maintained. Rolling your own might work in some or even a lot cases, but it'll sign you up for maintaining it, which I wouldn't suggest.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

can we block Cross-site scripting (XSS) in LTM

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Cross Site Scripting (XSS) Exploit Paths

Mitigating OWASP Web Application Risk: Cross-Site Scripting (XSS) using F5 BIG-IP

Lightboard Lessons: OWASP Top 10 - Cross Site Scripting

How To Protect Your Applications from Cross Site Request Forgery (CSRF) with F5 Distributed Cloud

MASS Cross-Site Defacement

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS