Forum Discussion

Altocumulus

Sep 12, 2018

SEC7111 HTTP Security Compromised Generated by a JavaScript.

Hey everyone! I just ran into an issue that I haven't seen before. Let me give you some background: We have a backend web application running only on port 80 and publish this through a stan...

Employee

Sep 13, 2018

Presumably you have HSTS set and the browser is puking because you're aiming it at http. Is it possible to change the link on the server side? If not then use an iRule that looks purely for that URL ( the page URL, not the Javascript one ) and apply a stream profile only at that point.

pseudocode would be:

when HTTP_REQUEST
    if URI is in datagroup then set $stream = 1
when HTTP_RESPONSE
    if $stream = 1 then apply stream profile

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SEC7111 HTTP Security Compromised Generated by a JavaScript.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Inspecting a UCS file from a compromised BIG-IP

Javascript injecting systems effect on web application end users - a scenario review

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Secure, Deliver and Optimize Your Modern Generative AI Apps with F5

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS