Forum Discussion
How do I detect a web dav request?
I would like to drop any web dav calls being made. Any one knows how this can be done?
ex)
when HTTP_REQUEST {
if { ([(WEB DAV) string tolower [HTTP::uri]] contains "xyz") } {
drop
return
}
}
Thanks.
Regards,
TRX
- hoolioCirrostratusHi TRX,
- Thanks Aaron. We are NOT on version 10.x yet. I think this http://devcentral.f5.com/wiki/defau...thods.html
example is sufficient. I will test and reply back with my results.
Regards,
TRX
- So it doesn't seem to be working. We still get this error in the IIS logs.
2011-06-13 18:21:58 W3SVC1 192.168.254.189 GET /Rejected-By-UrlScan ~/portal/site/erp/404/ 80 - 167.3.22.167 Microsoft-WebDAV-MiniRedir/5.1.2600 404 0 2
Here is the code I am using:
when HTTP_REQUEST {
selectively disable HTTP processing for specific request methodsswitch [HTTP::method] {"MOVE" -
"COPY" -
"LOCK" -
"UNLOCK" -
"PROPFIND" -
"PROPPATCH" -
"MKCOL" { HTTP::disable }
}}
So the WebDav is still getting through to the proxy server.
Any ideas on why the code is NOT dropping the request etc. on the f5 level?
Regards,
TRX
- hoolioCirrostratusTry changing HTTP::disable to reject. HTTP::disable disables HTTP parsing of the request but still allows the request through to the pool. Reject will send a TCP reset.
- Hello ,
- hoolioCirrostratus'event disable all' would prevent all further events from being run for the duration of the TCP connection. But reject should have the same effect as TMM will send the client a TCP reset and close the connection. I guess you could do both to be really complete:
when HTTP_REQUEST { Send a TCP reset for WebDav methods switch [HTTP::method] { "MOVE" - "COPY" - "LOCK" - "UNLOCK" - "PROPFIND" - "PROPPATCH" - "MKCOL" { reject event all disable } } }
- Thanks!
- FAZ_79699Nimbostratusdid this work? I cant add both reject and "event all disable"
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com