AppWorld 2026 iRule Comp

Problem

Prompt injection attacks using various phrases 

Solution

Using an Data Group driven Irule to look up common phrases to check against in the payload for prompt injection.  Using a data group allows for quick updates t the list as well as including a threat level in the value of the data group entry so that the different levels can be deterministic of responses the F5 gives.

Impact

This would allow for organizations to track possible injection attempts and quickly change behavior with small changes in a controlled fashion in response to the ever gowing attack they may occur.

when HTTP_REQUEST {
    set poss_injection {[class match -element -- [HTTP::payload] contians dg_injection_phrase]}
    if {$poss_injection !="" } {
        set injection_threat_level {[class match -value -- $poss_injection startswith dg_injection_phrase]}
        if {$inection_threat_level == "High" | "" } {
            log local0. "Possible prompt injection client_addr=[IP::client_addr] Injection Phrase=$poss_injection Threat Level=$inection_threat_level"
            HTTP::respond 403 content "Blocked"
        } else {
            log local0. "Possible prompt injection client_addr=[IP::client_addr] Injection Phrase=$poss_injection Threat Level=$inection_threat_level"
        }
    }
}

This does require the creation and population of a Data Group.  The current iRule Defaults entries with no treat value entered to Block.

Allow for quick addition of new entries on the fly so as new phrases are identified they can quickly be added at the appropriate threat level.  Also allows with quick edits to change threat levels monitored to higher levels with low impact to other entries other traffic. Also allow for checking for false values through logging to ensure the rule can be tuned to your environment.

dg_injection_phrase starting values: