Forum Discussion

Gopi2018_350205's avatar
Gopi2018_350205
Icon for Nimbostratus rankNimbostratus
Jan 29, 2018

How to check post parameter value?

I have a need to read a particular POST parameter and check its value for specific string and I have created a iRule as follows:

when HTTP_REQUEST_DATA {
 set SSOPayload [string tolower [HTTP::payload]]
 log local0. "SSOPayload : $SSOPayload"
 if { not [IP::addr [IP::remote_addr] equals x.x.0.0/16] } {
   if { [HTTP::method] equals "POST" }{
     # Extract the entire HTTP request body and escape it to become a HTTP::uri string (for easier parsings) 
     set http_request_body "?[HTTP::payload [HTTP::header value "Content-Length"]]"
     # Try to parse type value from the HTTP request body.
     if { [catch { set type [URI::decode [URI::query $request_body type]] }] } {
       log local0. "Type : $type"
       if { not [type equals "abcdefgh"]}{ 
         set html_content " FORBIDDEN " 
         HTTP::respond 403 content $html_content
 } } }

}

Wanted to validate this iRule on the Syntax and also I didn't add Else condition in this, will this create any issues in executing this irule?

 

iRules
security
  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Jan 30, 2018

    Hi Gopi,

    optimized your iRule and also removed certain coding glitches for you...

     

    when HTTP_REQUEST {
    if { not ( [IP::addr [IP::remote_addr] equals x.x.0.0/16] ) 
         and ( [HTTP::method] equals "POST" ) 
         and ( [string tolower [HTTP::uri]] equals "/folder/page.php" ) } then {
        if { [HTTP::header value Content-Length] > 0 } then {
            if { [HTTP::header value Content-Length] < 1048576 } then {
                HTTP::collect 1048576
            } else {
                HTTP::collect [HTTP::header Content-Length]
            }
        }
    }
}
when HTTP_REQUEST_DATA { 
    set SSOPayload [string tolower [HTTP::payload]] 
    log local0. "SSOPayload : $SSOPayload" 
     Extract the entire HTTP request body and escape it to become a HTTP::uri string (for easier parsings) 
     Try to parse type value from the HTTP request body.
    if { [catch {
        if { [URI::decode [URI::query "?[HTTP::payload]" type]] ne "abcdefgh" } then {
            HTTP::respond 403 content " FORBIDDEN " "Content-Type" "text/html" "Connection" "close"
            log local0. "Wrong Type : $type"
        } else {
            log local0. "Good Type : $type"
             Let the request pass....
        }
    }] } then {
        log local0. "Failed to parse HTTP::payload for type value"
        HTTP::respond 500 content " FORBIDDEN " "Content-Type" "text/html" "Connection" "close"
    }
}

     

    Note: Did some rework on your yntax to send a HTTP err500 in the case of an exemption.

    Note: Also removed certain unnessesary code. Define variables only if required, this will safe you a bunch of CPU cycles...

    Cheers, Kai