Forum Discussion

Wasfi_Bounni's avatar
Wasfi_Bounni
Icon for Cirrocumulus rankCirrocumulus
Mar 03, 2021

Http requests with the question mark symbol "?" in the URL are not being blocked although disallowed in the URL character list

Hi;   Http requests with the question mark symbol "?" in the URL are not being blocked although "?" isdisallowed in the URL character list.   for example http://www.xyx.com/?/file.extension ...
AWS
security
  • Simon_Blakely's avatar
    Simon_Blakely
    Mar 03, 2021

    You would either do that in an irule (on HTTP_REQUEST)

     

    Or look at the

    Security  ››  Application Security : Parameters : Parameters List  ››  Parameter Properties

    for the * (wildcard) parameter

     

    In the Name Meta Characters tab, select

    Check characters on this parameter name

     

    / is already disallowed in the metacharacters

Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee
Mar 03, 2021

That question-mark isn't part of the URL - it is the Query Separator.

 

The URL is /

The Query String is /file.extension

 

Query string