Forum Discussion

Cirrus

May 25, 2016

Enable AJAX blocking behavior (JavaScript injection)?

Hi, Does someone know exactly what kind of javascript is injected by this ASM feature and how it works exactly ? Best Regards Yann

Cirrus

Jun 11, 2016

Final results :

Bug 1 : even if you disable AJAX response in your security policy, you get an AJAX response page as long as there is x-ts-ajax-request:true header present in the request.

Bug 2 : The feature inject a javascript code within the site which works fine for all browsers except IE11. The browser refuse to execute the code for security reasons. After checking, it sounds that it's a bug on IE11, but Microsoft states in a blog post that only security issues will be fixed. After digging into the Internet Explorer configuration, this is working when we set Compatibility Mode to IE8 but most of modern websites fail in that case.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Enable AJAX blocking behavior (JavaScript injection)?

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Round-robin method not load balanced

F5 AI Roadmap

F5 object groups in AFM

F5 BGP Peering in Active /Standby Cluster

F5 rSeries || Upgrade tenant

Related Content

Javascript injecting systems effect on web application end users - a scenario review

WAF evasion techniques for Command Injection

AppDynamics EUM JavaScript Injection for Selective URLs

Mitigating OWASP Web Application Risk: Injection exploits using F5 BIG-IP

Serverside SNI injection iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS