For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jondyke_46152's avatar
jondyke_46152
Icon for Nimbostratus rankNimbostratus
Dec 16, 2008

Irule for restriciting URL paths unsecure

I currenlty use an irule that I use to restrict traffic to certain paths:-     when HTTP_REQUEST {     if {([matchclass [HTTP::uri] starts_with $::securePaths]) and not ([ma...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 19, 2008
You could use regsub to handle multiple slashes (regsub -all /+ [HTTP::uri] result), but there are quite a few other techniques attackers could use to obfuscate the URI to bypass any blacklist.

 

 

Another example is using backslashes instead of forward slashes. IE and IIS accept this. Attackers can also break up the URI using periods for current directory and previous directory:

 

 

http://www.microsoft.com/en/us/../us/default.aspx and http://www.microsoft.com/en/us/./default.aspx for http://www.microsoft.com/en/us/default.aspx

 

 

There are also different ways to encode the characters in the URI. Here is a PDF I found which describes these and other obfuscation methods (Click here)

 

 

Trying to handle every attack method in an iRule is going to be a losing battle. If you're able to use a whitelist you'd be in a much better position.

 

 

Aaron