iRule for screening form submission to script

Question

Our security team believes that a particular application is so sensitive that we should let the submitted data reach the server only if it passes content-based screening.  The idea would be to confirm that the fields and values submitted matched those that are valid (the form will not have any free-response -- text or textarea -- fields, only radio buttons, check-boxes, and selects).  Valid input would be passed along intact to the intended server for the script to process; we haven't decided yet whether invalid input should result in immediate failure, or in pooling to a different pool, where the server would respond with an error page, on the off-chance that a human was at the other end. 
&nbsp;  
&nbsp; This form is coded for method="POST" -- but knowing how to deal with method="GET" might also be useful, later. 
&nbsp;  
&nbsp; Looking at the CodeShare iRule samples, I noticed "HTTP Payload Collection"; is this a sensible starting point?  Is there a better starting point?  Are there any particular pitfalls to be alert to as we start down this way?   
&nbsp;  
&nbsp; Thanks in advance for all advice.

dennypayne · Answer

This kind of thing is precisely what the ASM module is for (Click here).   
&nbsp;  
&nbsp; That said, yes you could use HTTP::collect, parse the payload for various different conditions (probably using regex), and accept or reject (or send to an error pool) the connections based upon what you find. 
&nbsp;  
&nbsp; Denny

Forum Discussion

iRule for screening form submission to script

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

APM Optimisation Script

Passing Arguments to iCall Scripts

Introducing the single Installation script for F5 NGINX Instance Manager

Cross Site Scripting (XSS) Exploit Paths

Microsoft 365 IP Steering python Script

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS