Forum Discussion

Altocumulus

Sep 12, 2018

SEC7111 HTTP Security Compromised Generated by a JavaScript.

Hey everyone! I just ran into an issue that I haven't seen before. Let me give you some background: We have a backend web application running only on port 80 and publish this through a stan...

MVP

Oct 05, 2018

I think it's nice to have an approved answer. All of the credits to go RossVermette who wrote the following iRule that solved the problem completely:

when HTTP_RESPONSE {
  if { HTTP::header value Content-Type] contains "application/json"} {
    STREAM::expression "@http://@https://@"
    STREAM::enable
  }
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SEC7111 HTTP Security Compromised Generated by a JavaScript.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Inspecting a UCS file from a compromised BIG-IP

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

Javascript injecting systems effect on web application end users - a scenario review

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Secure, Deliver and Optimize Your Modern Generative AI Apps with F5

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS