Forum Discussion

Wasfi_Bounni's avatar
Wasfi_Bounni
Icon for Cirrocumulus rankCirrocumulus
5 years ago
Solved

Http requests with the question mark symbol "?" in the URL are not being blocked although disallowed in the URL character list

Hi;   Http requests with the question mark symbol "?" in the URL are not being blocked although "?" isdisallowed in the URL character list.   for example http://www.xyx.com/?/file.extension ...
aws
security
  • Simon_Blakely's avatar
    Simon_Blakely
    5 years ago

    You would either do that in an irule (on HTTP_REQUEST)

     

    Or look at the

    Security  ››  Application Security : Parameters : Parameters List  ››  Parameter Properties

    for the * (wildcard) parameter

     

    In the Name Meta Characters tab, select

    Check characters on this parameter name

     

    / is already disallowed in the metacharacters

Simon_Blakely's avatar
Simon_Blakely
Icon for Employee rankEmployee
5 years ago

That question-mark isn't part of the URL - it is the Query Separator.

 

The URL is /

The Query String is /file.extension

 

Query string