JD_Tomzak
Sep 15, 2022Cirrus
Irule advice?
Hello, I'm seeking advice on using an Irule to drop a connection when a certain condition is met in the URI. fid= followed by non numeric charectors. fid=1234 would pass. fid=13d4 would drop. Thanks...
- Sep 15, 2022
when HTTP_REQUEST { if { [string tolower [HTTP::query]] contains "fld" } { if { ![string is digit [URI::query [HTTP::uri] "fld"]] } { log local0. "invalid fld value, rejecting from [IP::client_addr]" reject } } }
- Sep 19, 2022
The following accounts for a POST request where the payload is URL encoded or XML:
when HTTP_REQUEST { if { [HTTP::method] eq "POST" } { ## Trigger collection for up to 1MB of data if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576 }{ set content_length [HTTP::header "Content-Length"] } else { set content_length 1048576 } ## Check if $content_length is not set to 0 if { $content_length > 0 } { HTTP::collect $content_length } } } when HTTP_REQUEST_DATA { set fld "" if { [HTTP::payload] contains "fld=" } { foreach x [split [HTTP::payload] "&"] { if { $x starts_with "fld=" } { set fld [lindex [split $x "="] 1] continue } } } elseif { [HTTP::payload] contains "<fld>" } { set fld [findstr [HTTP::payload] "<fld>" 5 "</fld>"] } if { $fld ne "" } { if { ![string is digit $fld] } { log local0. "invalid fld value, rejecting from [IP::client_addr]" HTTP::respond 400 content "Bad Request" "Content-Type" "text/html" "Connection" "close" } } }