Alert or Block GET requests with data
We have a webpage with a username field, and we'd like to prevent malicious actions by ensuring a GET with data cannot be accomplished. I would be happy with an iRule that looked to see if there was data in the GET request and alerted or dropped the connection or changed the GET to a POST.
Can anyone help?
- redheadontherun
Nimbostratus
Or a rule that strips the data out of the GET request.
- Vernon_97235
Historic F5 Account
To drop:
when HTTP_REQUEST {
    if { [HTTP::method] eq "GET" } {
        # Ask for up to 10 bytes of request body on every GET
        HTTP::collect 10
    }
}
when HTTP_REQUEST_DATA {
    # Runs once collected body data is available: drop the connection
    HTTP::release
    reject
}
- John_Alam_45640
Historic F5 Account
You may also want to set the HTTP profile to UNCHUNK the requests. And look for the presence of the Content-Length header.
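Added example, not code from any poster in this thread: an iRule that follows the Content-Length suggestion above by inspecting the request headers instead of collecting payload, and that can either alert or drop, as the question asked. The `static::block_get_body` toggle and the log format are assumptions, and the rule also covers HEAD, which goes one step beyond the GET-only rule posted above.

```tcl
# Added example, not code from the thread. static::block_get_body is a
# hypothetical toggle: 1 = log and reset the connection, 0 = log only.
when RULE_INIT {
    set static::block_get_body 1
}

when HTTP_REQUEST {
    # Only GET and HEAD are checked; POST and PUT legitimately carry a body.
    set method [HTTP::method]
    if { $method ne "GET" && $method ne "HEAD" } {
        return
    }

    # A request announces a body through Transfer-Encoding or Content-Length.
    set reason ""
    if { [HTTP::header exists Transfer-Encoding] } {
        set reason "Transfer-Encoding present"
    } elseif { [HTTP::header exists Content-Length] } {
        set cl [string trim [HTTP::header value Content-Length]]
        # Anything other than a literal 0 is treated as a body, including
        # malformed values, which have no place on a GET either.
        if { $cl ne "0" } {
            set reason "Content-Length: $cl"
        }
    }

    if { $reason ne "" } {
        # Alert: one log line per offending request. The path is logged
        # without the query string to keep submitted data out of the log.
        log local0.warning "$method with body from [IP::client_addr] for [HTTP::host][HTTP::path] ($reason)"
        if { $static::block_get_body } {
            # Same action as the rule posted in the thread.
            reject
        }
    }
}
```

Running it with the toggle set to 0 first shows which clients would be affected before anything is dropped.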
- Tzoori_Tamam_95
Historic F5 Account
I may have misunderstood the question, but if you enable an ASM policy, it is one of the basic checks it enforces, under HTTP Protocol Compliance ("Body in GET or HEAD requests") - you need to make sure it is checked in the Policy Blocking Settings configuration page, and that your policy is set to Blocking.
- redheadontherun
Nimbostratus
Just want to say thank you to everyone!