Forum Discussion

Jayson_Haxton_2

Nimbostratus

Aug 29, 2017

iRule to prevent XSS attack

How would I write an iRule to prevent an XSS attack on an HTTPS site.

Nimbostratus

Aug 29, 2017

Use ASM module which is meant for it. Going with iRule is fixing broken bones with band aids.

For mitigating XSS attacks executed via HTTP headers or HTTP URI, a LTM iRule solution would not be that bad. However, for complete mitigation, you also need to look for XSS attacks in POST payload. For that last scenario, a iRule solution is not feasible. It would cause significant degradation of your app performance.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule to prevent XSS attack

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

F5 ASM/AWAF Preventing unauthorized users accessing admin path using iRule script

Prevent some SQL attacks

European airport software attack and zero day ‘s are here

The HTTP/2 CONTINUATION frame attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS