Forum Discussion
CirrocumulusHttp requests with the question mark symbol "?" in the URL are not being blocked although disallowed in the URL character list
Hi;
Http requests with the question mark symbol "?" in the URL are not being blocked although "?" isdisallowed in the URL character list.
for example http://www.xyx.com/?/file.extension
Kindly
Wasfi
You would either do that in an irule (on HTTP_REQUEST)
Or look at the
Security ›› Application Security : Parameters : Parameters List ›› Parameter Properties
for the * (wildcard) parameter
In the Name Meta Characters tab, select
Check characters on this parameter name
/ is already disallowed in the metacharacters
3 Replies
Simon_BlakelyEmployee
That question-mark isn't part of the URL - it is the Query Separator.
The URL is /
The Query String is /file.extension
Wasfi_BounniThank you Simon. My aim is to block a URL that have the quetion mark in the manner asked. i.e. followed by any / character. However, if the question mark comes after the final / in the URL path, then I want it to be allowed: For example: http://www.xyz.com/abc/klm/file.php?
As I said, the question mark symbol is disallowed in the ASM policy under the URL character set section.
Kindly
Wasfi
- Simon_Blakely
You would either do that in an irule (on HTTP_REQUEST)
Or look at the
Security ›› Application Security : Parameters : Parameters List ›› Parameter Properties
for the * (wildcard) parameter
In the Name Meta Characters tab, select
Check characters on this parameter name
/ is already disallowed in the metacharacters
