Forum Discussion

Altostratus

Sep 12, 2018

SEC7111 HTTP Security Compromised Generated by a JavaScript.

Hey everyone! I just ran into an issue that I haven't seen before. Let me give you some background: We have a backend web application running only on port 80 and publish this through a stan...

Employee

Sep 13, 2018

Presumably you have HSTS set and the browser is puking because you're aiming it at http. Is it possible to change the link on the server side? If not then use an iRule that looks purely for that URL ( the page URL, not the Javascript one ) and apply a stream profile only at that point.

pseudocode would be:

when HTTP_REQUEST
    if URI is in datagroup then set $stream = 1
when HTTP_RESPONSE
    if $stream = 1 then apply stream profile

Forum Discussion

SEC7111 HTTP Security Compromised Generated by a JavaScript.

Recent Discussions

GCP F5 deployment - Active -Active with config Sync

IP Intelligence

BUG Query

Health Monitor via MGMT (DCDs)

Ansible modules for F5OS

Related Content

Compromised CI/CD, FBot, and Hadoop Attacks - Jan 7th - 14th, 2023 - F5 SIRT - This Week in Security

Control plane RCE are everywhere and CI/CD compromised Oct 23th–29th – F5SIRT This Week in Security

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

JavaScript Supply Chains, Magecart, and F5 XC Client-Side Defense (Demo)