Forum Discussion

muntae_kim's avatar
muntae_kim
Icon for Cirrus rankCirrus
Sep 26, 2023

How to use ‘PURGE’ and ‘PURGE_URL’ Method in F5 DoS products

Hello, My name is Muntae Kim.

How to allow ‘PURGE’ and ‘PURGE_URL’ Method in F5 DDoS product

BIG-IP version:
- BIG-IP 16.1.3.1
- DDoS Hybrid Defender 16.1.0-9.0.20

When the server in the section passing through the F5 DDoS product executes the following curl command, a connection cannot be established due to a connection reset message.

[root@uxe1253 ~]# curl -X PURGE ep0325.ehosting.cafe24.com
curl: (56) Recv failure: Connection reset by peer

I need to allow methods for 'PURGE' and 'PURGE_URL' in F5. Can you tell me how to set this?

Thank you.

 

security

3 Replies

Sort By
  • Heath_Parrott's avatar
    Heath_Parrott
    Icon for Employee rankEmployee
    Oct 18, 2023

    Normally if a connection is blocked by an F5 security product and HTTP is involved a 200 OK with an error code via the body is presented and a connection is not simply dropped so I would recommend a packet capture to validate where the TCP connection is dropped. 

    PURGE and PURGE_URL are non standard HTTP methods and are not listed in any RFC.  If the TCP connection being dropped by BIG-IP there is a virtual server processing the traffic that has an HTTP security profile applied to it and the methods in question are not on the allowed list via a custom method.  

    I took a quick look at an HTTP protocol security profile in AFM which shows that PURGE and PURGE_URL are not in our standard list of methods.  To allow them one needs to explicitly create them via Security --> Security Profiles --> HTTP.  The exact details of the configuration will vary based on how the system is setup and the documentation on the product.  I recommend a case be opened to further investigate the config setting you need since DDoS hybrid defender also has wizards that may obfuscate the setting or require other settings be touched. 



    • muntae_kim's avatar
      muntae_kim
      Icon for Cirrus rankCirrus
      Oct 25, 2023

      hello. Thank you for your reply.

      I previously confirmed that Allow for PURGE_URL is possible when creating iRules as follows. Please review whether the requested item cannot be implemented with the iRules.

      (In addition, url_destroy was a syntax that did not work in that version.)

       

      1. Edit the iRule:

      In the "Definition" section, add the following iRule script:

      when HTTP_REQUEST {

      if {[HTTP::method] equals "PURGE" || [HTTP::method] equals "PURGE_URL"} {

      set allow_purge_method 1

      }

      }

      when HTTP_RESPONSE {

      if { [info exists allow_purge_method] } {

      unset allow_purge_method

      set respond_purge_method 1

      }

      }

      when RULE_INIT {

      set respond_purge_method 0

      set allow_purge_method 0

      }

      when RULE_DESTROY {

      if { [info exists allow_purge_method] } {

      unset allow_purge_method

      }

      }