Forum Discussion

pjcampbell_7243's avatar
Apr 26, 2011

Check any request (get or post) for some chars?

I wanted to check any GET or POST for some chars say %3C and %3E (< and >).

 

 

GET I think would be covered by checking the contents of HTTP::uri but this doesn't do anything to interpret POST data.

 

 

I've tried some stuff like:

 

 

when HTTP_REQUEST_DATA {

 

if { ( [HTTP::payload] contains "%3C") && ( [HTTP::payload] contains "%3E) } {

 

do something

 

}

 

}

 

 

but it does not seem to be working when I do a curl post containing both of those chars so I am clearly doing something wrong? Any suggestions.

 

 

Thanks,

 

Patrick

 

  • Looks like I found a decent example here

     

     

    http://millerch.wordpress.com/2011/01/12/irules-searching-http-payload/

     

     

  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Nice, Chris' blog is definitely a good source for some of those write-ups, there's also some more info on DevCentral here:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/HTTP__payload.html

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/HTTPPayloadCollection.html

     

     

    Colin