Forum Discussion

Nimbostratus

16 years ago

Cross-Script Audit

Hello, I have upgraded to version 10.0 and I got audited with this cross-script vulnerability. I thought I turned off on 9.01. Do you know if I can trun off Cross-Script attacks on the...

config

design

hoolio

Cirrostratus

16 years ago

You could try to handle this in an iRule, but there are simply too many ways that an attacker could send malicious requests to the application that it's not really feasible to try and handle them all in an iRule. I'd suggest you consider having the application fixed so that all user input is properly validated and sanitized, and implementing an application firewall.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Cross-Script Audit

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

Changes to DO and AS3 GitHub - no longer monitored

How to Verify config before loading to F5

Related Content

Cross Site Scripting (XSS) Exploit Paths

Mitigating OWASP Web Application Risk: Cross-Site Scripting (XSS) using F5 BIG-IP

Auditing Security Policy Updates

Lightboard Lessons: OWASP Top 10 - Cross Site Scripting

Audit WAF changes

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS