For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

3 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jul 17, 2014

    The [HTTP::host] command will return the Host header portion of the URL (ex. aaaa.com), while the [HTTP::uri] command will return the URI portion of the URL (ex. /bbb/ccc/xml). If you just care about the URI, then the following should work:

    when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] starts_with "/bbb/ccc.xml" } {
        HTTP::respond 404 "Not Found" "Connection" "close"
    }
}
  • FFX2014_23725's avatar
    FFX2014_23725
    Icon for Nimbostratus rankNimbostratus
    Jul 17, 2014

    For this situation I do care about the host header since the link has both HTTP and HTTPS instance. We only want to block the HTTPS and still allow HTTP.

     

    Is this correct?

     

    when HTTP_REQUEST { if { [string tolower [HTTP::host]] starts_with "https://aaaa.com/bbb/ccc.xml" } { HTTP::respond 404 "Not Found" "Connection" "close" } }

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jul 17, 2014

    You're presumably going to have this iRule applied to an HTTP or HTTPS VIP, so the http:// or https:// in the request will be respective to the applied VIP. You can evaluate the protocol scheme, but you shouldn't have to. Further, the HTTP_REQUEST event is going to be triggered on an HTTP request to the VIP, which the user is going to generally request by name (or IP). If you filter on the name in the iRule, then the user can bypass the condition by using the IP address to access the VIP.