Forum Discussion

Icon for Altostratus rank

Altostratus

May 05, 2015

CSRF protection if HTTP response is compressed

Hi, we plan to enable CSRF protection on the F5. As per the below solution, under the requirements it states that the response should NOT be compressed. - https://support.f5.com/kb/en-us/solutions/public/11000/900/sol11930.html

Is this referencing the response from the server or from the F5?

thnx

ASM Advanced WAF

1 Reply

BinaryCanary_19
Historic F5 Account
May 06, 2015
It's server-side response.

The solution says that: ASM modifies the response in order to insert the CSRF javascript, and it only does it for responses that contain tag
html
, and which are uncompressed.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

container ingress services

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5