Forum Discussion

doddy's avatar
doddy
Icon for Nimbostratus rankNimbostratus
Jul 27, 2013

Detect HTTP Pipelining Request

Good day all...     I am currently looking for method to detect HTTP pipelining request. This pipelining is currently exploiting our vulnerability in which cannot detect subsequent request on...
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Jul 27, 2013
But the first request, in which the method saved on httpmethodprev variable, is not rejected.

Only the subsequent request successfully being rejected.can we count number of keyword (e.g. GET, HEAD) and reject when it occurs more than 1?

e.g. 

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
  TCP::collect
}
when CLIENT_DATA {
  if { [llength [lsearch -all [TCP::payload] HEAD]] > 1 } {
    reject
    return
  }
  TCP::release
  TCP::collect
}
}

[root@ve10:Active] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.20.17(47909) <-> 172.28.19.252(80)
1374923550.5707 (0.0007)  C>S
---------------------------------------------------------------
HEAD /frist HTTP/1.1
Host:

HEAD /second HTTP/1.1
Host:

---------------------------------------------------------------

1    1374923550.5708 (0.0000)  S>C  TCP RST