Forum Discussion

trx's avatar
Jun 09, 2011

How do I detect a web dav request?

Hello ,

I would like to drop any web dav calls being made. Any one knows how this can be done?

 

 

 

ex)

 

 

 

when HTTP_REQUEST {

 

if { ([(WEB DAV) string tolower [HTTP::uri]] contains "xyz") } {

 

drop

 

return

 

}

 

}

 

 

 

 

Thanks.

 

 

 

Regards,

 

TRX

 

8 Replies

  • Hi TRX,

     

     

    Here are two examples which deal with HTTP methods. If you're on 10.x and choose to store the methods you want to act on in a datagroup you should use the class command to do the lookup.

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/DisablingHTTPProcessingForUnrecognizedHTTPMethods.html

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/URIKeywordAndHTTPMethodFiltering.html

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/class

     

     

    Aaron
  • So it doesn't seem to be working. We still get this error in the IIS logs.

     

     

    2011-06-13 18:21:58 W3SVC1 192.168.254.189 GET /Rejected-By-UrlScan ~/portal/site/erp/404/ 80 - 167.3.22.167 Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 2

     

     

     

    Here is the code I am using:

     

     

     

    when HTTP_REQUEST {

     

    selectively disable HTTP processing for specific request methods

     

    switch [HTTP::method] {

     

    "MOVE" -

     

    "COPY" -

     

    "LOCK" -

     

    "UNLOCK" -

     

    "PROPFIND" -

     

    "PROPPATCH" -

     

    "MKCOL" { HTTP::disable }

     

    }

     

    }

     

     

     

     

    So the WebDav is still getting through to the proxy server.

     

     

     

    Any ideas on why the code is NOT dropping the request etc. on the f5 level?

     

     

     

    Regards,

     

    TRX

     

  • Try changing HTTP::disable to reject. HTTP::disable disables HTTP parsing of the request but still allows the request through to the pool. Reject will send a TCP reset.

     

     

    Aaron
  • Hello ,

     

    I want the request to drop completely and do NOT even execute any other IRules.

     

     

    Would you use "disable" or "event disable all"?

     

     

    Thanks.

     

     

    Regards,

     

    TRX
  • 'event disable all' would prevent all further events from being run for the duration of the TCP connection. But reject should have the same effect as TMM will send the client a TCP reset and close the connection. I guess you could do both to be really complete:

    
    when HTTP_REQUEST {
        Send a TCP reset for WebDav methods
       switch [HTTP::method] {
          "MOVE" -
          "COPY" -
          "LOCK" -
          "UNLOCK" -
          "PROPFIND" -
          "PROPPATCH" -
          "MKCOL" {
             reject
             event all disable
          }
       }
    }
    

    Aaron
  • did this work? I cant add both reject and "event all disable"

     

     

    it throws an "unknown event" error