Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Jayson_Haxton_2

Icon for Nimbostratus rank

Nimbostratus

Aug 29, 2017

iRule to prevent XSS attack

How would I write an iRule to prevent an XSS attack on an HTTPS site.

2 Replies

Jayson_Haxton_2
Nimbostratus
Aug 29, 2017
I want to prevent someone from adding "%20was%20changed.%20Please,%2 0Visit%20Attacker.com%20because%20this%20page" to the URL.
Hannes_Rapp
Nimbostratus
Aug 29, 2017
Use ASM module which is meant for it. Going with iRule is fixing broken bones with band aids.

For mitigating XSS attacks executed via HTTP headers or HTTP URI, a LTM iRule solution would not be that bad. However, for complete mitigation, you also need to look for XSS attacks in POST payload. For that last scenario, a iRule solution is not feasible. It would cause significant degradation of your app performance.

Jeff - May 2026 Featured F5er

DevCentral News

series-devcentral-featured-members

AppWorld Berlin 2026 – iRules Contest Winning Results

DevCentral News

One Quick Step to Make your website AI-Agent/MCP Ready with an iRule

Technical Articles

application delivery

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5