iRule for file based content blocking

Question

Hello, I was wondering if there was a way to write iRules to block certain file types from passing through the big-ip box into the servers.  I know that it is easy to write rules to block certain ports and ips to pass though the box but I was interested if I could expand upon that.  For example could the big-ip be set up to allow uploads of any PDF files but block all Microsoft Word document uploads from a certain range of ips? Thanks.

the_bhattman · Answer

Here is an elegant irule (Click here) that someone posted to do something very similiar to what you are asking.  You can certainly modify it to what you want to block.&nbsp;
&nbsp;Hope this helps&nbsp;
&nbsp;/cb&nbsp;

hoolio · Answer

I think the poster might be looking to validate "files" uploaded via HTTP using the POST method.  If that's the case, the options are somewhat limited.  The filename is passed as one parameter and the "file" content is passed in a second parameter as encoded binary data.  There isn't anything stopping a malicious user from naming a file with a .txt extension but then uploading any arbitrary content.  And there isn't much of a way to validate what the encoded binary data contains.
Here is some detail from RFC1867:
http://www.ietf.org/rfc/rfc1867.txt
6. Examples
   Suppose the server supplies the following HTML:
     &gt; ACTION="http://server.dom/cgi/handle"
           ENCTYPE="multipart/form-data"
           METHOD=POST&gt;
     What is your name? 
     What files are you sending? 
     
   and the user types "Joe Blow" in the name field, and selects a text
   file "file1.txt" for the answer to 'What files are you sending?'
   The client might send back the following data:
        Content-type: multipart/form-data, boundary=AaB03x
        --AaB03x
        content-disposition: form-data; name="field1"
        Joe Blow
        --AaB03x
        content-disposition: form-data; name="pics"; filename="file1.txt"
        Content-Type: text/plain
         ... contents of file1.txt ...
        --AaB03x--
        Content-Type: text/plain
        ... contents of file1.txt ...
        --BbC04y
        Content-disposition: attachment; filename="file2.gif"
        Content-type: image/gif
        Content-Transfer-Encoding: binary
          ...contents of file2.gif...
        --BbC04y--
        --AaB03x--
ASM provides some functionality along these lines.  You can easily validate the size of the file data parameter and the value of the filename parameter.
If you're still interested in trying this in an iRule, can you provide more detail on exactly what you're trying to validate so we can provide some suggestions?
Aaron

Forum Discussion

iRule for file based content blocking

2 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

APM Webtop SSL-VPN pop up customization

CLI Command to Identify Virtual Servers Using L4 vs L7 Monitors

CLI Command to Identify Wide IPs Using L4 vs L7 Monitors

F5OS (r4800) web interface access issue

ssh on slot1 failed f5 viprion

Related Content

iRule to modify a content-security-policy header

MS Exchange ProxyNotShell block implemented via iRules

Massive DDoS, DanaBot Dismantled, Scraped Discord Messages and Signal Blocks Windows Recall

Layer 7 Content Routing in F5 XC

DevCentral Content Highlights

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS