Forum Discussion

Nimbostratus

Jan 10, 2018

What is the best way to block ajax requests?

I have a page running behind the F5, the application makes queries to a database through AJAX, however for a programming error they left part of the code open, and after the time we discovered that a...

Cirrocumulus

Jan 18, 2018

What about an irule like this?

when HTTP_REQUEST { 
if { [HTTP::header "X-Requested-With" ] equals "XMLHttpRequest" } { 
drop 
   } 
 }

Or a custom ASM signature with the following rule?

headercontent:"XMLHttpRequest"; nocase;

To be honest, a bit of a punt this. Other DCers may come back and highlight major errors with these approaches 🙂

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

What is the best way to block ajax requests?

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Block requests by reverse DNS record

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

Block Referral Requests

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS