For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Vivek_Padale_16

Icon for Nimbostratus rank

Nimbostratus

Jul 30, 2014

Disabling SQL injection and XML Tagging for a specific URL

Hello Everyone,

I want to disable SQL injection and XML Tagging attack for this url:-

"http://mybase.com/users/profile".

So is there any iRule for disabling SQL injection and XML tagging for the above URL.

Thanks.

application delivery

ASM Advanced WAF

3 Replies

mimlo_61970
Cumulonimbus
Jul 30, 2014
I would recommend F5's ASM module to handle this, assuming the application/website cannot be fixed to address the problem. Escaping input at the app level works a lot better than pattern matching at the network level.
Vivek_Padale_16
Nimbostratus
Aug 01, 2014
Thanks Mimlo for your input.....
Arnaud_Lemaire
Employee
Aug 01, 2014
Vivek, could you stick to your initial post please ? i provided you with an answer here for SQL injection unnblock: https://devcentral.f5.com/questions/irule-for-asmanswer100884

next step for you is to identify the attack type form XML tagging and add it with a or in the matching condition.

thanks.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5