Forum Discussion
NimbostratusASM - Regex matching of URL with or without final / trailing slash
Hi Fourm,
I have a situation where sometimes the URL is requested with a final slash and sometimes it is not. Both URIs serve the content without a 301 redirect to the prefered URL - they both respond with 200 and the content.
In the ASM I am using a wildcard to match these request, but the wild card is not at the end of the URL. So following the F5 docs about manually adding final slash in this situation, I have noticed the none trailing slash URLs are not being matched.
So for example
URL RULE /abc/*/ghi/ not match /abc/def/ghi match /abc/def/ghi/
If the wildcard is at the end then this does not matter, but as the wildcard is in the middle it does not match the none trailing slash of the URL
I cant put the wildcard at the end as it could match more if I use * and if I use ?, it needs to match something
Any assistance / suggestions would be great
Graham
9 Replies
natheCirrocumulus
Could a quick workaround be an irule to add the slash at the end? Would this solve the issue without relying on ASM?
ApproxeeHi Nathan,
Thanks for the reply. Yea I could do an iRule - I just wanted to check this is the behaviour of the ASM - that the trailing slash and the none trailing slash are treated differently
Graham
Stanislas_Piro2Cumulonimbus
Of course with and without / are 2 different URL.
Most of web servers receiving request uri /abc/def/ghi and ghi is a folder will reply with a redirect to /abc/def/ghi
TortiCirrus
therefor you need both URL in the ASM policy. Thats the fail
- Torti
in my opinion, it is a missing feature. you allways have to add 2 URLs. So, if you have 10 Restful services in one policy, you need to add 20 URL. If you are using URL parameter....puh. An irule would be an option, like nathan allready says. But then, you manipulate the traffic and it can be complicated depending on the size of the application
- Stanislas_Piro2
Hi Torti,
I think it wouldn't be RFC compliant if F5 change this behavior. And it can introduce security issues. do you want request to /logon.php can allow /logon.php/? you will say No, it is a real page, there is a . between the name and the extension but some sub directories contains dot.
when you create a Restful service or when you code HTLM content, you have to write exact URL and not expect the web server to solve a configuration issue.
Yes, some web servers manage wrong URL. some redirect to right URL, some others accept the request!
- Approxee
I tryed this but it did not work /testurl[(/|)]
I was hopeing the or nothing would work, but it does not :-(
- Approxee
I agree they are two different URL, if you compair them they are different. The issue is they are very very unlikely to serve different content, so they the URLs are different the content and protecting will mostly be the same in 99% of cases
I will add two URLs, but I think this is a feature missing from the ASM
Thanks for all the comments
Graham
- Kai_Wilke
MVP
Hi GreeceMonkey,
I'm using the iRule below to add trailing slashes to make ASM policie configuration more comfortable.
when HTTP_REQUEST { switch -glob -- [string tolower [HTTP::path]] "*.asmx*" - \ "*.json*" - \ "/_*" - \ "*/_layout*" - \ "*/_vti_bin*" - \ "*.svc/*" { if { $debug } { log -noname local0. "$log_prefix The HTTP::path contains a blacklisted string. Skipping \"Add_Slash_to_Folders\" Manipulation." } } default { switch -glob -- [URI::basename [HTTP::path]] "" { if { $debug } { log -noname local0. "$log_prefix The URI::basename is a /Folder/." } } "*.*" { if { $debug } { log -noname local0. "$log_prefix The URI::basename is a *.* File." } } default { if { $debug } { log -noname local0. "$log_prefix The URI::basename is a /Folder (without trailing slash). Adding a trailing slash to the URI::basename." } HTTP::path "[HTTP::path]/" } } }Cheers, Kai
