Forum Discussion
Lee_Sutcliffe
Jan 24, 2018Nacreous
This isn't tested, but may be a useful starting point for you. You can use HTTP::collect to collect payload data and find what you're looking for in HTTP_REQUEST_DATA.
Putting restricted words in a datagroup means you don't have to change the iRule everytime you add a new word.
DATAGROUP
ltm data-group internal restricted_dg {
records {
restricted_word {}
}
type string
}
IRULE
when HTTP_REQUEST {
if {[HTTP::method] eq "POST"} {
HTTP::collect 100
}
}
when HTTP_REQUEST_DATA {
set payload [HTTP::payload]
if {[class match $payload contains "restricted_dg"]} {
log local0. "Rejecting restricted content"
reject
}
}
HTTP::payload https://devcentral.f5.com/wiki/iRules.HTTP__payload.ashx
HTTP::collect https://devcentral.f5.com/wiki/iRules.HTTP__collect.ashx