Forum Discussion

Nimbostratus

Sep 07, 2017

Custom Attack Signature to block request with No UA or Referer

I want to be able to check and see if the request is missing both the User-Agent String and the Referer, and possibly block the request. So I know I can do this with an iRule, but I am wanting to tr...

Employee

Sep 20, 2017

Another way to say this is that you want the header to be mandatory. There is a setting under

Security ›› Application Security : Headers : HTTP Headers ›› Edit Header

Mandatory to Enabled will say the header must appear in the request

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Custom Attack Signature to block request with No UA or Referer

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

block a specific user

which virtual server will be hit?

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

APM - Portal access - Issue

F5 bot defense - false positives

Related Content

November Security Research Update: Newly Released Attack Signatures

Bot Signature based on the referer header

Cloud Docs - F5OS Technical Reference Materials

Customer Edge Site High Availability for Application Delivery - Reference Architecture

NGINX App Protect v5 Signature Notifications

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS