Forum Discussion
Irule advice?
- Sep 15, 2022
when HTTP_REQUEST { if { [string tolower [HTTP::query]] contains "fld" } { if { ![string is digit [URI::query [HTTP::uri] "fld"]] } { log local0. "invalid fld value, rejecting from [IP::client_addr]" reject } } }
- Sep 19, 2022
The following accounts for a POST request where the payload is URL encoded or XML:
when HTTP_REQUEST { if { [HTTP::method] eq "POST" } { ## Trigger collection for up to 1MB of data if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576 }{ set content_length [HTTP::header "Content-Length"] } else { set content_length 1048576 } ## Check if $content_length is not set to 0 if { $content_length > 0 } { HTTP::collect $content_length } } } when HTTP_REQUEST_DATA { set fld "" if { [HTTP::payload] contains "fld=" } { foreach x [split [HTTP::payload] "&"] { if { $x starts_with "fld=" } { set fld [lindex [split $x "="] 1] continue } } } elseif { [HTTP::payload] contains "<fld>" } { set fld [findstr [HTTP::payload] "<fld>" 5 "</fld>"] } if { $fld ne "" } { if { ![string is digit $fld] } { log local0. "invalid fld value, rejecting from [IP::client_addr]" HTTP::respond 400 content "Bad Request" "Content-Type" "text/html" "Connection" "close" } } }
Interesting. That iRule should work as long it's HTTP or you're decrypting HTTPS. Does the iRule event fire at all?
when HTTP_REQUEST {
log local0. "here: [HTTP::uri]"
if { [string tolower [HTTP::query]] contains "fld" } {
if { ![string is digit [URI::query [HTTP::uri] "fld"]] } {
log local0. "invalid fld value, rejecting from [IP::client_addr]"
HTTP::respond 400 content "Bad Request" "Content-Type" "text/html" "Connection" "close"
}
}
}
Do you get any odd messages in /var/log/ltm?
Yes, the Irule,fires, logs, etc.
When we do this on port 80, I see our error mesage and an orderly connection shutdown.
When https:, no message is returned and the connection ends with just us sending the rst-ack.
Thanks,
- Kevin_StewartSep 16, 2022Employee
Just tested and it appears to work fine for me with an HTTPS VIP (decrypting and re-encrypting).
If you tail the LTM log do you see anything unusual?
tail -f /var/log/ltm
- JD_TomzakSep 16, 2022Cirrus
Nope, nothing there. Odd situation...
Thanks for all help anyway, will get it figured out next week. I'm about to get started on the weekend. Have a good one!
-JD
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com