Muhannad
Jul 09, 2023

iRule to block a request if Content-Disposition name is not avail.

Dear Experts,

I need your help to write an iRule that matches the URL (Test/test1) and, if the request doesn't have the Content-Disposition: form-data; name="CaptchaCode", I want to drop the request. I have tried to match it via the iRule below, but it seems that it doesn't match it. More information below:

The Request:

POST /test/test1 HTTP/1.1
Host: Test.com
Connection: keep-alive
Content-Length: 2675
Cache-Control: max-age=0
sec-ch-ua: "Not.A/Brand";v="8", "Chromium";v="114", "Microsoft Edge";v="114"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: null
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Language: en-US,en;q=0.9
Cookie: Microsoft.AspNetCore.Localization.CookieRequestCultureProvider=CfDJ8Hy2PC-jQdNKhuG0yBqr2pwuICqrbayYLFPEIpxuI-toOjX2-lZTdq4qvzmHhCrKpL_iIQA85JUw0RxJXrCGVWH-bkTwX8c0lsbREciH7ekQeVBX_kBUhLybWmjTM2dmfrKwHYsFxLMJhVNzn8WD2Wk; TS01c0d31c=01f62dab761e4c54d1f34b73260c073a86ad157056848b710e67c0327d5fc6f2dd386447f7b294989d59825dc391eee3e38a9f3d0178eeb9244b5656fc9e7cb47f2567ce5ad4010bd5d19e44461e272fa38724e0a1; _ga=GA1.1.862382927.1679483115; _fbp=fb.1.1681724603251.1345688915; __utmz=122826463.1686725330.10.3.utmcsr=madfooat.com|utmccn=(referral)|utmcmd=referral|utmcct=/; _gcl_au=1.1.1938501219.1687336682; __utmc=122826463; .AspNetCore.Session=CfDJ8Hy2PC+jQdNKhuG0yBqr2pzgnQyXxhysaTKmTfA8eaiI6WDLyubGN89tFuaEm/oJo2KJ+2BenQYwVniuQ6FDw39x7bzdejDfEmi5jUkK14BA6lFrLXRhHUNdIO0a+tan887i6JDNuVVNjJiEzyyEVHoFGxlDCKviUWG/l8bSXMks; _ga_S6HQN1W6GB=GS1.1.1688625327.34.1.1688625408.0.0.0; RT="z=1&dm=efawateercom.jo&si=y106dy8bvir&ss=ljqrxddm&sl=0&tt=0"; __utma=122826463.862382927.1679483115.1688625337.1688733349.16; TS01200b3d=01f62dab760935cb34cad590166765f4482513b87f414c1fda020c4300b26f1318555dcd934d865f63c2ecc76a87b3ded66be33aee15d5a8cd05a4c89ef4cbb39746897a43; _ga_3XMB8ZPWFQ=GS1.1.1688733347.30.1.1688734130.0.0.0; __utmt_UA-117405427-1=1; __utmb=122826463.5.10.1688733349
X-Forwarded-For: 1.1.1.1

Content-Type: multipart/form-data; boundary=----WebKitFormBoundarymLZWar1odHH1fIF1
------WebKitFormBoundarymLZWar1odHH1fIF1 Content-Disposition: form-data; name="CaptchaCode"
T1QW
------WebKitFormBoundarymLZWar1odHH1fIF1 Content-Disposition: form-data; name="__RequestVerificationToken"

The iRule that has been tested:

when HTTP_REQUEST {
if {([string tolower [HTTP::uri]] contains "/insertandpostcustomerticket") && ([string tolower (![HTTP::header exists "captchacode"]]) }
{ drop } }

Looking forward to hearing from you.

Regards,

Muhannad

  • Hello,

    I think it is not working because you are looking for a header called "CaptchaCode" in the iRule, and this is a header's value, not a header name.

  • A few issues here:

    - Your test URL /test/test1 does not match the HTTP uri comparison "/insertandpostcustomerticket" in the iRule.

    - I don't see a CaptchaCode HTTP header in your test.

    Once you fix the test, and we know exactly what you are trying to accomplish, and that in fact you are getting the right Headers from the client, then we can work on the iRule 🙂

    • Muhannad

      Thanks for your response.

      - Your test URL /test/test1 does not match the HTTP uri comparison "/insertandpostcustomerticket" in the iRule.

      Sorry, it is a typo on my side; it is:

      when HTTP_REQUEST {
      if {([string tolower [HTTP::uri]] contains "/test1") && ([string tolower (![HTTP::header exists "captchacode"]]) }
      { drop } }

      - I don't see a CaptchaCode HTTP header in your test:

      It is not in the header; I think it is a content value in the Content-Disposition:

      ------WebKitFormBoundarymLZWar1odHH1fIF1 Content-Disposition: form-data; name="CaptchaCode" 

      Regards,

      Muhannad

      • whisperer

        Thanks for the additional information. So you want to look into the Content-Type header. This should work for you, I think:

        when HTTP_REQUEST {
          if {([string tolower [HTTP::uri]] contains "/test1") && (!([HTTP::header "Content-Type"] contains "CaptchaCode"))} {
            drop
          }
        }
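
Added example, not part of the thread and not code from any poster: in the sample request above, `name="CaptchaCode"` sits in a part header inside the POST body, while the request's Content-Type header carries only `multipart/form-data` and the boundary, so a check for the field has to collect and read the payload. The sketch below assumes the `/test1` path from the thread; the 1 MB collection cap and the `check_captcha` variable are illustrative choices.

```tcl
when HTTP_REQUEST {
    # Reset per request so keep-alive connections do not reuse old state.
    set check_captcha 0

    if { [HTTP::method] eq "POST" &&
         [string tolower [HTTP::path]] contains "/test1" } {

        # The form is expected to arrive as multipart/form-data.
        if { !([string tolower [HTTP::header "Content-Type"]] starts_with "multipart/form-data") } {
            drop
            return
        }

        # A body length is needed to collect the payload; requests without
        # a usable Content-Length (e.g. chunked) are dropped here.
        set len [HTTP::header "Content-Length"]
        if { $len eq "" || ![string is integer -strict $len] || $len <= 0 } {
            drop
            return
        }

        # Cap the amount buffered per request (assumed limit: 1 MB).
        # A field that appears beyond the cap will not be seen.
        if { $len > 1048576 } { set len 1048576 }

        set check_captcha 1
        HTTP::collect $len
    }
}

when HTTP_REQUEST_DATA {
    if { $check_captcha } {
        # Look for the part header that names the CaptchaCode field.
        set body [string tolower [HTTP::payload]]
        if { !($body contains "content-disposition: form-data; name=\"captchacode\"") } {
            drop
            return
        }
        # Collected data is released implicitly when this event ends.
    }
}
```

This only confirms that a part named CaptchaCode is present in the body; whether its value is non-empty or correct is still left to the application.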