For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

redheadontherun's avatar
redheadontherun
Icon for Nimbostratus rankNimbostratus
Mar 25, 2016
Solved

Alert or Block GET requests with data

We have a webpage with a username field, we'd like to prevent malicious actions by ensuring a GET with data cannot be accomplished. I would be happy with an iRule that looked to see if there was data...
ASM Advanced WAF
iRules
security
  • Tzoori_Tamam_95's avatar
    Tzoori_Tamam_95
    Mar 28, 2016

    I may have misunderstood the question, but if you enable an ASM policy, it is one of the basic check it enforces, under HTTP Protocol Compliance ("Body in GET of HEAD requests") - you need to make sure it is checked in the Policy Blocking Settings configuration page, and that your policy is set to Blocking.

     

Vernon_97235's avatar
Vernon_97235
Historic F5 Account
Mar 26, 2016

To drop:

when HTTP_REQUEST {
    if { [HTTP::method] eq "GET" } {
        HTTP::collect 10
    }
}

when HTTP_REQUEST_DATA {
    HTTP::release
    reject
}
  • John_Alam_45640's avatar
    John_Alam_45640
    Historic F5 Account
    Mar 26, 2016
    You may also want to set the HTTP profile to UNCHUNK the requests. And look for the presence of the Content-Length header.