Forum Discussion
NimbostratusI need an iRule that will search a uri or query string for <script> and allow me to send a custom response.����A
I have ASM and it works for all traffic but our external PCI scanner which is white listed. The scanner is getting a 200 response on a custom errors page but accepts it as proof that we are vulnerable to CSS.
The Rule below causes the site to go to an unavailable page. If I drop the < > tags it finds script but will also hit on description and many other legitimate requests.
Is there a way to include the tags or use a wildcard in the search string so it will search for script * script?
Thanks
when HTTP_REQUEST { if { [HTTP::uri] contains "
3 Replies
natheCirrocumulus
Jcline, could you use backslash substitution to escape the characters e.g.
BTW, re the workings of ASM, if you've white listed the scanner IP then is the custom error from the back end servers?
N
jclineWorks Great!
Thanks
- Kevin_Stewart
Employee
Before I move from test to Prod systems. Do you know if [URI::decode] is resource intensive?
This command should consume negligible CPU, but if you want to know exactly how much, take a look at the following link for information on viewing iRule performance.
https://devcentral.f5.com/wiki/iRules.timing.ashx
