Forum Discussion

Altocumulus

Sep 12, 2018

SEC7111 HTTP Security Compromised Generated by a JavaScript.

Hey everyone! I just ran into an issue that I haven't seen before. Let me give you some background: We have a backend web application running only on port 80 and publish this through a stan...

Nimbostratus

Sep 13, 2018

Hi Philip,

A bit of an alternative approach here could be to insert this HTTP header:

Content-Security-Policy: upgrade-insecure-requests;

This should make your browser automatically rewrite any insecurely served content to HTTPS.

More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SEC7111 HTTP Security Compromised Generated by a JavaScript.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Inspecting a UCS file from a compromised BIG-IP

Javascript injecting systems effect on web application end users - a scenario review

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Secure, Deliver and Optimize Your Modern Generative AI Apps with F5

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS