Forum Discussion
iRule to block a request if Content-Disposition name is not avail.
Thanks for your response.
- Your test URL /test/test1 does not match the HTTP uri comparison "/insertandpostcustomerticket" in the iRule.
Sorry, it is a typo from my side, it is:
when HTTP_REQUEST {
    # Drop when the URI matches and no "captchacode" request header exists
    if {([string tolower [HTTP::uri]] contains "/test1") && !([HTTP::header exists "captchacode"])} {
        drop
    }
}
- I don't see a CaptchaCode HTTP header in your test:
It is not in the header, I think it is a content value in the Content-Disposition:
------WebKitFormBoundarymLZWar1odHH1fIF1
Content-Disposition: form-data; name="CaptchaCode"
Regards,
Muhannad
Thanks for the additional information. So you want to look into the Content-Type header. This should work I think for you:
when HTTP_REQUEST {
if {([string tolower [HTTP::uri]] contains "/test1") && (!([HTTP::header "Content-Type"] contains "CaptchaCode"))} {
drop
}
}
- CA_Valli Jul 11, 2023
MVP
I've been trying to reply but it doesn't accept my syntax -- posting empty message to be edited.
[EDIT]
Since the request is multipart, you won't see the name="CaptchaCode" in the HTTP Content-Type header, but in the first boundary instead.
This means that the iRule should account for inspecting the name in the Content-Disposition header of each part (boundary) of the multipart request. This requires you to collect data!
I've scripted some code below that should do the trick:
when HTTP_REQUEST {
    # Only collect the body of multipart POSTs to the protected path
    if {[HTTP::method] eq "POST" && [HTTP::path] eq "/test/test1" && [HTTP::header exists "Content-Type"]} {
        if { [string tolower [HTTP::header "Content-Type"]] starts_with "multipart/form-data" } {
            HTTP::collect
        } else {
            return
        }
    }
}
when HTTP_REQUEST_DATA {
    set data [HTTP::payload]
    # Release the request only if a part named CaptchaCode is present in the payload
    if { $data contains "name=\"CaptchaCode\"" } {
        # log local0. "Legitimate request"
        HTTP::release
    } else {
        drop
    }
}
For further reference, have a look at nagi's HTTP Multipart and Security Implications article, it's some good stuff.
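An added example, not part of the thread and not F5 code: an offline Python model of the check discussed above, which reads the name from each part's Content-Disposition header instead of matching the string anywhere in the payload. The sample bodies, field values and function names are constructed for illustration; only the boundary and the CaptchaCode field name come from the thread.

```python
import re

# Constructed sample values; the boundary matches the delimiter quoted in the thread.
BOUNDARY = "----WebKitFormBoundarymLZWar1odHH1fIF1"
CONTENT_TYPE = "multipart/form-data; boundary=" + BOUNDARY


def build_body(fields, boundary=BOUNDARY):
    """Build a multipart/form-data body from (name, value) pairs (sample input helper)."""
    parts = [
        f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n'
        for name, value in fields
    ]
    return ("".join(parts) + f"--{boundary}--\r\n").encode()


def boundary_from(content_type):
    """Return the boundary parameter of a multipart/form-data Content-Type, else None."""
    if not content_type.lower().startswith("multipart/form-data"):
        return None
    m = re.search(r'boundary="?([^";]+)"?', content_type, re.IGNORECASE)
    return m.group(1) if m else None


def part_names(content_type, body):
    """Return the name= value found in each part's Content-Disposition header."""
    boundary = boundary_from(content_type)
    if boundary is None:
        return []
    names = []
    for part in body.split(b"--" + boundary.encode())[1:]:
        if part.startswith(b"--"):  # closing delimiter
            break
        headers, _, _value = part.partition(b"\r\n\r\n")  # headers end at the blank line
        for line in headers.decode("latin-1").split("\r\n"):
            if line.lower().startswith("content-disposition:"):
                # The lookbehind keeps filename="..." from matching as name="...".
                m = re.search(r'(?<![\w*])name="([^"]*)"', line, re.IGNORECASE)
                if m:
                    names.append(m.group(1))
    return names


def has_field(content_type, body, required="CaptchaCode"):
    """True only when a part's own header names the required field."""
    return required in part_names(content_type, body)
```

A body whose only occurrence of name="CaptchaCode" is inside another field's value is reported as missing the field here, whereas a plain substring match on the payload would accept it.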
- Muhannad Jul 13, 2023
Cirrus
Dear CA_Valli,
Thanks for the information, it is really appreciated.
I hadn't the chance to test yet coz this is a production environment and not easy to take approvals for testing, I will update you about the results once I got the approvals.
Regards,
Muhannad