Forum Discussion

Nimbostratus

Jul 20, 2015

String sanitization in LTM

Hello, I'm using BIG-IP LTM v11.5.1 now. I want to sanitize the string that is included in the request from client. (e.g. "<" -> "<", ">" -> ">"...) Q.Please tell me if you know h...

Kevin_Stewart

Employee

Jul 21, 2015

I agree that it can get challenging, but definitely not impossible.

when HTTP_REQUEST {
    HTTP::uri [string map {"<" "<" ">" ">"} [HTTP::uri]]
}

The [string map ] function here replaces the special characters in the HTTP uri. You can extend this to include more characters and HTTP header and payload data. If you're worried about attacks though, you'd be far better off enabling a web application firewall like ASM.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

String sanitization in LTM

ICYMI - Steve Wozniak at AppWorld 2026

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Connections appear not to use Persistence

LB Connection Limit Detection Method

Partially reachabilty issues with VS in F5OS tenant

Forward proxy with SSL passthrough - SWG license required?

Need step-by-step guidance for migrating BIG-IP i2800 WAF to rSeries (UCS restore vs clean build)

Related Content

Sanitize special characters in AD groups names

Intermediate iRules: Handling Strings

ASM Sanitize Blocking Page Requests

HTTPS Monitor: receive string with quotation mark

The State Of HTTP/2 Full Proxy With F5 LTM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS