Forum Discussion
1 Reply
- samstepCirrocumulus
Hi Gary,
It is indeed a bad idea as you will be using a wrong tool for the job.
You should really be using the F5 ASM module to protect your applications - it is designed to address security issues like the one you are trying to solve with all the problem confirmation/attack signature updates/reporting/logging etc...
Of course it is possible to scrub the POST data in iRules, but it is not easy to design and develop by someone who is new to iRules. I am also sure your security requirements will not stop at sanitizing the POST data for just SCRIPT tags - there are thousands of attacks and evasion techniques out there and you will not be able to maintain an iRule which can mitigate them all and will keep itself updated of all the latest attack methods and malicious tags. Get ASM.
Hope this helps,
Sam