Irules for html sanitization

Question

Hi 
I'm new to irules so forgive me if this is totally bad idea to even consider doing...but is it possible to scan the inbound users Post data for malicious tags?  &nbsp;

samstep · Answer

Hi Gary,&nbsp;
It is indeed a bad idea as you will be using a wrong tool for the job.&nbsp;
You should really be using the F5 ASM module to protect your applications - it is designed to address security issues like the one you are trying to solve with all the problem confirmation/attack signature updates/reporting/logging etc...&nbsp;
Of course it is possible to scrub the POST data in iRules, but it is not easy to design and develop by someone who is new to iRules. I am also sure your security requirements will not stop at sanitizing the POST data for just SCRIPT tags - there are thousands of attacks and evasion techniques out there and you will not be able to maintain an iRule which can mitigate them all and will keep itself updated of all the latest attack methods and malicious tags. Get ASM.&nbsp;
Hope this helps,&nbsp;
Sam&nbsp;

Forum Discussion

Irules for html sanitization

1 Reply

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Random TCP Resets from F5

Base64 decoding issue (JSON request)

F5 i-series Guests to r-series tenants migration

Block specific URL's in APM

Sizing calculation storage

Related Content

Sanitize special characters in AD groups names

What is HTML Field Obfuscation?

HTML Comment Scrubber iRule

iRule HTML Maintenance Page insert URI Value

ASM Sanitize Blocking Page Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS