Forum Discussion

andrew_deackes_'s avatar
andrew_deackes_
Icon for Nimbostratus rankNimbostratus
Oct 20, 2011

block .DS_store files

Hi,

 

 

while our developers/programmers get their act together I've been asked to block access to .DS_store files on our web servers. Can someone suggest a simple i-Rule to block any request for this type of file?

 

 

thanks

 

 

A
  • Is that the file extension? Is that the end of the URL?

     

     

    when HTTP_REQUEST {

     

    if { [HTTP::uri] ends_with ".DS_store" }{

     

    drop

     

    }

     

    }
  • in case of HTTP::path

    HTTP::path wiki

    http://devcentral.f5.com/wiki/iRules.HTTP__path.ashx

    [root@iris:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foofoo
       destination 172.28.17.33:http
       ip protocol tcp
       rules myrule
       profiles {
          http {}
          tcp {}
       }
    }
    [root@iris:Active] config  b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
            if {[string tolower [HTTP::path]] ends_with ".ds_store"} {
                    drop
            }
    }
    }
    
    [root@iris:Active] config  curl -I http://172.28.17.33/
    HTTP/1.1 200 OK
    Date: Thu, 20 Oct 2011 04:44:31 GMT
    Server: Apache/2.0.59 (rPath)
    Last-Modified: Thu, 11 Nov 2010 04:23:21 GMT
    ETag: "1315d-5f-5580a040"
    Accept-Ranges: bytes
    Content-Length: 95
    Set-Cookie: testcookie=helloworld
    Content-Type: text/html; charset=UTF-8
    
    [root@iris:Active] config  curl -I http://172.28.17.33/test.DS_store
    curl: (52) Empty reply from server
    
    [root@iris:Active] config  curl -I http://172.28.17.33/test.DS_store?para1=value1
    curl: (52) Empty reply from server
    
    
  • that's the file name, there are multiple files called .DS_store in various locations, want to stop any requests for them.
  • [root@iris:Active] config  curl -I http://172.28.17.33/.DS_store
    curl: (52) Empty reply from server
    
    [root@iris:Active] config  curl -I http://172.28.17.33/.DS_store?para1=value1
    curl: (52) Empty reply from server
    
    [root@iris:Active] config  curl -I http://172.28.17.33/test/.DS_store?para1=value1
    curl: (52) Empty reply from server