Forum Discussion

Nimbostratus

Sep 07, 2017

Custom Attack Signature to block request with No UA or Referer

I want to be able to check and see if the request is missing both the User-Agent String and the Referer, and possibly block the request. So I know I can do this with an iRule, but I am wanting to tr...

Employee

Sep 21, 2017

Another way to say this is that you want the header to be mandatory. There is a setting under

Security ›› Application Security : Headers : HTTP Headers ›› Edit Header

Mandatory to Enabled will say the header must appear in the request

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Custom Attack Signature to block request with No UA or Referer

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

2026 is Almost Here

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

Related Content

November Security Research Update: Newly Released Attack Signatures

Bot Signature based on the referer header

Cloud Docs - F5OS Technical Reference Materials

NGINX App Protect v5 Signature Notifications

Customer Edge Site High Availability for Application Delivery - Reference Architecture

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS