Forum Discussion
iRule to block a request if Content-Disposition name is not avail.
A few issues here:
- Your test URL /test/test1 does not match the HTTP uri comparison "/insertandpostcustomerticket" in the iRule.
- I don't see a CaptchaCode HTTP header in your test.
Once you fix the test, and we know exactly what you are trying to accomplish, and that in fact you are getting the right Headers from the client, then we can work on the iRule 🙂
- Muhannad, Jul 10, 2023
Cirrus
Thanks for your response.
- Your test URL /test/test1 does not match the HTTP uri comparison "/insertandpostcustomerticket" in the iRule.
Sorry, it is a typo from my side; it is:
when HTTP_REQUEST {
    # Drop /test1 requests that carry no CaptchaCode HTTP header
    if { ([string tolower [HTTP::uri]] contains "/test1") && ![HTTP::header exists "captchacode"] } {
        drop
    }
}
- I don't see a CaptchaCode HTTP header in your test:
It is not in the header, I think it is a content value in the Content-Disposition:
------WebKitFormBoundarymLZWar1odHH1fIF1
Content-Disposition: form-data; name="CaptchaCode"
Regards,
Muhnnad
- whisperer, Jul 10, 2023
MVP
Thanks for the additional information. So you want to look into the Content-Type header. This should work I think for you:
when HTTP_REQUEST {
    if { ([string tolower [HTTP::uri]] contains "/test1") && (!([HTTP::header "Content-Type"] contains "CaptchaCode")) } {
        drop
    }
}
- CA_Valli, Jul 11, 2023
MVP
I've been trying to reply but it doesn't accept my syntax -- posting empty message to be edited.
[EDIT]
Since the request is multipart, you won't see the name="CaptchaCode" in the HTTP Content-Type header, but in the first boundary instead.
This means that the iRule should account for inspecting the name in the Content-Disposition header of each part (boundary) of the multipart request. This requires you to collect data!
I've scripted some code below that should do the trick:
when HTTP_REQUEST {
    if { [HTTP::method] eq "POST" && [HTTP::path] eq "/test/test1" && [HTTP::header exists "Content-Type"] } {
        if { [string tolower [HTTP::header "Content-Type"]] starts_with "multipart/form-data" } {
            # Buffer the request body so HTTP_REQUEST_DATA can inspect it
            HTTP::collect
        } else {
            return
        }
    }
}
when HTTP_REQUEST_DATA {
    set data [HTTP::payload]
    if { $data contains "name=\"CaptchaCode\"" } {
        # log local0. "Legitimate request"
        HTTP::release
    } else {
        drop
    }
}
For further reference, have a look at nagi's HTTP Multipart and Security Implications article, it's some good stuff.
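
The multipart layout described in the post above, modelled offline in Python as an added example (it is not part of any post in this thread and is not iRule code): the field name sits in each part's Content-Disposition header, while the request's Content-Type header only carries the boundary. The helper names and the sample field values are constructed for illustration.

```python
import re

def boundary_from_content_type(content_type):
    """Return the boundary as bytes, or None if not multipart/form-data."""
    if not content_type.lower().startswith("multipart/form-data"):
        return None
    m = re.search(r'boundary=(?:"([^"]+)"|([^;\s]+))', content_type, re.I)
    return (m.group(1) or m.group(2)).encode() if m else None

def part_names(content_type, body):
    """Return the name= value from each part's Content-Disposition header."""
    boundary = boundary_from_content_type(content_type)
    if boundary is None:
        return []
    names = []
    # Each part starts after "--" + boundary; element 0 is the preamble.
    for chunk in body.split(b"--" + boundary)[1:]:
        if chunk.startswith(b"--"):   # closing delimiter "--boundary--"
            break
        head, sep, _value = chunk.partition(b"\r\n\r\n")
        if not sep:
            continue                   # malformed part: no header/body split
        for line in head.split(b"\r\n"):
            if line.lower().startswith(b"content-disposition:"):
                m = re.search(rb'[;\s]name="([^"]*)"', line, re.I)
                if m:
                    names.append(m.group(1).decode("latin-1"))
    return names

def has_field(content_type, body, field="CaptchaCode"):
    """True only if a part header (not a field value) carries the name."""
    return field in part_names(content_type, body)

# Constructed sample request, reusing the boundary string quoted in the thread.
BOUNDARY = "----WebKitFormBoundarymLZWar1odHH1fIF1"
CONTENT_TYPE = "multipart/form-data; boundary=" + BOUNDARY

def build_body(fields):
    """Serialise (name, value) pairs as a multipart/form-data body."""
    out = b""
    for name, value in fields:
        out += ('--%s\r\nContent-Disposition: form-data; name="%s"\r\n\r\n%s\r\n'
                % (BOUNDARY, name, value)).encode()
    return out + ("--%s--\r\n" % BOUNDARY).encode()

if __name__ == "__main__":
    body = build_body([("Subject", "hi"), ("CaptchaCode", "x7Kq")])
    print("CaptchaCode" in CONTENT_TYPE, part_names(CONTENT_TYPE, body))
```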