For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

laga44_77816's avatar
laga44_77816
Icon for Nimbostratus rankNimbostratus
Aug 07, 2008

blocking content with iRules

Hi, I'm looking for a sample to block a specific   parameter from a http request URL query string.   As an example is someone hits our site with     http://test.test.11/dir/1315...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Aug 07, 2008
Is the bad string found in a parameter value (/dir/1315?param=bad2144)? If so, you might want to verify whether the application accepts the same parameter in the payload of a POST request. A malicious user could potentially use an interception proxy to modify the request from a GET to a POST and include the parameter in the POST data. Also, for the URI check, you could be more specific using HTTP::query.

 

 

If you want to only check for the bad2144 string for a specific URI, you could add a check:

 

 

if {[HTTP::uri] starts_with "/some/path" && [HTTP::query] contains "bad2144"}{

 

 

If the app is not case sensitive, you could set the URI to lower case:

 

 

if {[string tolower [HTTP::uri]] starts_with "/some/path" && [HTTP::query] contains "bad2144"}{

 

 

Aaron