Forum Discussion
Wasfi_Bounni
Cirrocumulus
CirrocumulusHttp requests with the question mark symbol "?" in the URL are not being blocked although disallowed in the URL character list
Hi; Http requests with the question mark symbol "?" in the URL are not being blocked although "?" isdisallowed in the URL character list. for example http://www.xyx.com/?/file.extension ...
You would either do that in an irule (on HTTP_REQUEST)
Or look at the
Security ›› Application Security : Parameters : Parameters List ›› Parameter Properties
for the * (wildcard) parameter
In the Name Meta Characters tab, select
Check characters on this parameter name
/ is already disallowed in the metacharacters
Wasfi_BounniCirrocumulus
CirrocumulusThank you Simon. My aim is to block a URL that have the quetion mark in the manner asked. i.e. followed by any / character. However, if the question mark comes after the final / in the URL path, then I want it to be allowed: For example: http://www.xyz.com/abc/klm/file.php?
As I said, the question mark symbol is disallowed in the ASM policy under the URL character set section.
Kindly
Wasfi
Simon_BlakelyEmployee
You would either do that in an irule (on HTTP_REQUEST)
Or look at the
Security ›› Application Security : Parameters : Parameters List ›› Parameter Properties
for the * (wildcard) parameter
In the Name Meta Characters tab, select
Check characters on this parameter name
/ is already disallowed in the metacharacters