F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Don_Couture_211's avatar
Don_Couture_211
Icon for Nimbostratus rankNimbostratus
Jul 19, 2006

XSS protection with an Irule?

I have searched and browsed the forums and codeshare but have not found any examples of using an Irule to protect against cross site scripting.     Wouldn't an Irule that replaces html tags < />...
application delivery
dev
devops
iRules
wyoder_99262's avatar
wyoder_99262
Icon for Nimbostratus rankNimbostratus
Sep 21, 2011
Hi, Joe:

 

 

One of our clients has been dinged by its auditing department for XSS vulnerabilities. The audit recommends:

 

 

"Filter all data collected from the client including user-supplied content and browser content such as Referrer and User-Agent headers."

 

 

It's been 5 years since this original message was posted. Are there new CodeShare additions that address this requirement?

 

 

Thanks a bunch,

 

Bill