JD_Tomzak
Sep 15, 2022, Cirrus
iRule advice?
Hello, I'm seeking advice on using an iRule to drop a connection when a certain condition is met in the URI. fid= followed by non-numeric characters. fid=1234 would pass. fid=13d4 would drop. Thanks...
- Sep 15, 2022
when HTTP_REQUEST {
    if { [string tolower [HTTP::query]] contains "fld" } {
        if { ![string is digit [URI::query [HTTP::uri] "fld"]] } {
            log local0. "invalid fld value, rejecting from [IP::client_addr]"
            reject
        }
    }
}
- Sep 19, 2022
The following accounts for a POST request where the payload is URL encoded or XML:
when HTTP_REQUEST {
    if { [HTTP::method] eq "POST" } {
        ## Trigger collection for up to 1MB of data
        if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576 } {
            set content_length [HTTP::header "Content-Length"]
        } else {
            set content_length 1048576
        }
        ## Check if $content_length is not set to 0
        if { $content_length > 0 } {
            HTTP::collect $content_length
        }
    }
}
when HTTP_REQUEST_DATA {
    set fld ""
    if { [HTTP::payload] contains "fld=" } {
        foreach x [split [HTTP::payload] "&"] {
            if { $x starts_with "fld=" } {
                set fld [lindex [split $x "="] 1]
                continue
            }
        }
    } elseif { [HTTP::payload] contains "<fld>" } {
        set fld [findstr [HTTP::payload] "<fld>" 5 "</fld>"]
    }
    if { $fld ne "" } {
        if { ![string is digit $fld] } {
            log local0. "invalid fld value, rejecting from [IP::client_addr]"
            HTTP::respond 400 content "Bad Request" "Content-Type" "text/html" "Connection" "close"
        }
    }
}
Kevin_Stewart
Sep 19, 2022, Employee
Takes a little more work to get the HTTP payload from a POST request, but logic is mostly the same:
when HTTP_REQUEST {
    if { [HTTP::method] eq "POST" } {
        ## Trigger collection for up to 1MB of data
        if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576 } {
            set content_length [HTTP::header "Content-Length"]
        } else {
            set content_length 1048576
        }
        ## Check if $content_length is not set to 0
        if { $content_length > 0 } {
            HTTP::collect $content_length
        }
    }
}
when HTTP_REQUEST_DATA {
    if { [HTTP::payload] contains "fld=" } {
        foreach x [split [HTTP::payload] "&"] {
            if { $x starts_with "fld=" } {
                if { ![string is digit [lindex [split $x "="] 1]] } {
                    log local0. "invalid fld value, rejecting from [IP::client_addr]"
                    HTTP::respond 400 content "Bad Request" "Content-Type" "text/html" "Connection" "close"
                }
            }
        }
    }
}
- JD_Tomzak, Sep 19, 2022, Cirrus
Well the good news is most of this was already in place so it is working. Thanks!
The only thing missing is when they send it to me in XML sometimes instead of a key/value pair.
Not sure how often that comes up. But it's not "fid =" in this case.
It's <fid>1234a</fid><pw>test123</pw>
Thoughts?
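An added example, not part of any reply in this thread: one iRule that applies the same digits-only check to the query string, a URL-encoded POST body and an XML body, testing every occurrence of the field rather than only the first. The value of static::id_name, the helper procs form_ok and xml_ok, and treating an empty or percent-encoded value as invalid are assumptions; iRule procs and the call command need TMOS 11.4 or later.

```tcl
when RULE_INIT {
    # Assumption: the question uses "fid", the replies above use "fld".
    # Set this to the name the application really sends.
    set static::id_name "fid"
    set static::max_body 1048576   ;# same 1 MB collection limit as the replies
}

# Returns 1 if every occurrence of $name in a URL-encoded string is ASCII digits.
# The value is checked as sent (not decoded), so "%31" or an empty value fails.
proc form_ok { data name } {
    foreach pair [split $data "&"] {
        set eq [string first "=" $pair]
        if { $eq < 0 } { set eq [string length $pair] }
        set key [URI::decode [string range $pair 0 [expr {$eq - 1}]]]
        set val [string range $pair [expr {$eq + 1}] end]
        if { $key eq $name && ![regexp {^[0-9]+$} $val] } { return 0 }
    }
    return 1
}

# Same check for every <name>...</name> element in an XML body. Plain tag match,
# as in the reply above; elements with attributes or namespaces are not covered.
proc xml_ok { data name } {
    foreach { whole val } [regexp -all -inline "<$name>(.*?)</$name>" $data] {
        if { ![regexp {^[0-9]+$} $val] } { return 0 }
    }
    return 1
}

when HTTP_REQUEST {
    if { ![call form_ok [HTTP::query] $static::id_name] } {
        log local0. "invalid $static::id_name in query, rejecting [IP::client_addr]"
        reject
    } elseif { [HTTP::method] eq "POST" } {
        set len $static::max_body
        if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= $len } {
            set len [HTTP::header "Content-Length"]
        }
        if { $len > 0 } { HTTP::collect $len }
    }
}

when HTTP_REQUEST_DATA {
    set body [HTTP::payload]
    if { ![call form_ok $body $static::id_name] || ![call xml_ok $body $static::id_name] } {
        log local0. "invalid $static::id_name in body, rejecting [IP::client_addr]"
        HTTP::respond 400 content "Bad Request" "Content-Type" "text/html" "Connection" "close"
    }
}
```

As in the replies, only the first 1 MB of a body is collected, so a field that appears past that point is not inspected.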