Forum Discussion

Chris_Hotchkiss's avatar
Icon for Nimbostratus rankNimbostratus
Feb 29, 2012

iRule to mitigate CSRF

Some of our application developers are asking about an iRule that could possibly insert a nonce onto a page during a session that would help prevent a cross-site request forgery from happening. Unfortunately the native software doesn't do this and has said it will be a couple of months before they can get it fixed.



I've written a few iRules but was hoping to knock this out quickly if someone could point me in the right direction. Thanks.


1 Reply

  • Hi Chris,



    There is built in functionality to do this in the Application Security Manager (ASM). I guess it's technically possible to do in an iRule--but it would be complicated to try to parse each parameter from the response HTML and inject the nonce.