Forum Discussion

Nimbostratus

12 years ago

Matching ASCII codes %00 - %1f in HTTP::uri

According to: http://www.w3schools.com/tags/ref_urlencode.asp "The ASCII device control characters %00-%1f were originally designed to control hardware devices. Control characters have nothing to...

Steven_Filisko_

Nimbostratus

12 years ago

I am not an expert-level iRuler at this point (yet), so someone may have a better, more direct answer, but... I would add the "log" lines below. The output will show in the "Local Traffic" log (or /var/log/ltm on the F5 itself). It will give you a better idea of what is going on.

I did find a package that is supposed to "test iRules" but it isn't quite very intuitive (from what I have seen so far).

when HTTP_REQUEST {
    log local0. "Checking URI: [HTTP::uri]"
    if { [HTTP::uri] contains "%00" } {
        log local0. "Illegal URI: Closing Connection."
        HTTP::close
        TCP::close
    }
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Matching ASCII codes %00 - %1f in HTTP::uri

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

Query on source IP preservation for syslog traffic through F5 virtual server

Related Content

HTTP URI Replace/Redirect

set TOKEN [getfield [HTTP::uri]

Persist using a string in an HTTP URI

Http Response Based On Requested Uri

if http uri starts with

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS