Forum Discussion
Irule to block a request if Content-Disposition name is not avail.
Dear Experts,
i need your help to write an IRule that match the URL (Test/test1) and if doesnt have the Content-Disposition: form-data; name="CaptchaCode, i want to drop the request, i have tried to match it via the below Irule but it seems that it doesnt match it, below more information:
The Request:
POST /test/test1 HTTP/1.1 Host: Test.com Connection: keep-alive Content-Length: 2675 Cache-Control: max-age=0 sec-ch-ua: "Not.A/Brand";v="8", "Chromium";v="114", "Microsoft Edge";v="114" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: null
Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Language: en-US,en;q=0.9 Cookie: Microsoft.AspNetCore.Localization.CookieRequestCultureProvider=CfDJ8Hy2PC-jQdNKhuG0yBqr2pwuICqrbayYLFPEIpxuI-toOjX2-lZTdq4qvzmHhCrKpL_iIQA85JUw0RxJXrCGVWH-bkTwX8c0lsbREciH7ekQeVBX_kBUhLybWmjTM2dmfrKwHYsFxLMJhVNzn8WD2Wk; TS01c0d31c=01f62dab761e4c54d1f34b73260c073a86ad157056848b710e67c0327d5fc6f2dd386447f7b294989d59825dc391eee3e38a9f3d0178eeb9244b5656fc9e7cb47f2567ce5ad4010bd5d19e44461e272fa38724e0a1; _ga=GA1.1.862382927.1679483115; _fbp=fb.1.1681724603251.1345688915; __utmz=122826463.1686725330.10.3.utmcsr=madfooat.com|utmccn=(referral)|utmcmd=referral|utmcct=/; _gcl_au=1.1.1938501219.1687336682; __utmc=122826463; .AspNetCore.Session=CfDJ8Hy2PC+jQdNKhuG0yBqr2pzgnQyXxhysaTKmTfA8eaiI6WDLyubGN89tFuaEm/oJo2KJ+2BenQYwVniuQ6FDw39x7bzdejDfEmi5jUkK14BA6lFrLXRhHUNdIO0a+tan887i6JDNuVVNjJiEzyyEVHoFGxlDCKviUWG/l8bSXMks; _ga_S6HQN1W6GB=GS1.1.1688625327.34.1.1688625408.0.0.0; RT="z=1&dm=efawateercom.jo&si=y106dy8bvir&ss=ljqrxddm&sl=0&tt=0"; __utma=122826463.862382927.1679483115.1688625337.1688733349.16; TS01200b3d=01f62dab760935cb34cad590166765f4482513b87f414c1fda020c4300b26f1318555dcd934d865f63c2ecc76a87b3ded66be33aee15d5a8cd05a4c89ef4cbb39746897a43; _ga_3XMB8ZPWFQ=GS1.1.1688733347.30.1.1688734130.0.0.0; __utmt_UA-117405427-1=1; __utmb=122826463.5.10.1688733349 X-Forwarded-For: 1.1.1.1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarymLZWar1odHH1fIF1
------WebKitFormBoundarymLZWar1odHH1fIF1 Content-Disposition: form-data; name="CaptchaCode"
T1QW
------WebKitFormBoundarymLZWar1odHH1fIF1 Content-Disposition: form-data; name="__RequestVerificationToken"
The IRule that has been tested:
when HTTP_REQUEST {
if {([string tolower [HTTP::uri]] contains "/insertandpostcustomerticket") && ([string tolower (![HTTP::header exists "captchacode"]]) }
{ drop } }
Looking forward to hearing from you.
Regards,
Muhannad
Hello,
I think it is not working because you are looking for a header called "CaptchaCode" in the irule and this is a header's value not a header name.
- MuhannadCirrus
Thanks Mohamed,
Is there anyway to match the header value in the IRule?
Regards,
Muhannad
Hello Muhannad,
Please find the below link to check for header's value:
Thanks,
A few issues here:
- Your test URL /test/test1 does not match the HTTP uri comparison "/insertandpostcustomerticket" in the iRule.
- I don't see a CaptchaCode HTTP header in your test.
Once you fix the test, and we know exactly what you are trying to accomplish, and that in fact you are getting the right Headers from the client, then we can work on the iRule 🙂
- MuhannadCirrus
Thanks for your response.
- Your test URL /test/test1 does not match the HTTP uri comparison "/insertandpostcustomerticket" in the iRule.
Sorry it is mistypo from my side, it is:
when HTTP_REQUEST {
if {([string tolower [HTTP::uri]] contains "/test1") && ([string tolower (![HTTP::header exists "captchacode"]]) }
{ drop } }- I don't see a CaptchaCode HTTP header in your test:
It is not in the header, i think it is content value in the content-Disposition:
------WebKitFormBoundarymLZWar1odHH1fIF1 Content-Disposition: form-data; name="CaptchaCode"
Regards,
Muhnnad
Muhannad wrote:Thanks for your response.
- Your test URL /test/test1 does not match the HTTP uri comparison "/insertandpostcustomerticket" in the iRule.
Sorry it is mistypo from my side, it is:
when HTTP_REQUEST {
if {([string tolower [HTTP::uri]] contains "/test1") && ([string tolower (![HTTP::header exists "captchacode"]]) }
{ drop } }- I don't see a CaptchaCode HTTP header in your test:
It is not in the header, i think it is content value in the content-Disposition:
------WebKitFormBoundarymLZWar1odHH1fIF1 Content-Disposition: form-data; name="CaptchaCode"
Regards,
Muhnnad
Thanks for the additional information. So you want to look into the Content-Type header. This should work I think for you:
when HTTP_REQUEST { if {([string tolower [HTTP::uri]] contains "/test1") && (!([HTTP::header "Content-Type"] contains "CaptchaCode"))} { drop } }
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com