Pierre_A__3689
Nov 23, 2011 (Nimbostratus)
Path traversal iRules
Hi all,
Trying to implement iRules to deny path traversal, I have found 3 so far on but none seems to stop it. Here's the latest one:
    when RULE_INIT {
        set ::vDebug 1
    }
    when HTTP_REQUEST {
        if { [HTTP::query] matches_regex {^.*=(\.\.|/)[[A-Za-z0-9./]*]*.*$} } {
            if { $::vDebug } {
                log local0. "Triggered by IP [IP::client_addr] with URI [HTTP::uri]"
            }
            reject
        }
    }
And here is the path I am trying to block:
https://www.website.com/site/services/web-inf/%2e%2e%2e%2e%2e%2e%2e/boot.ini
I tried to add %2e in the matches_regex but it didn't work. I'm not sure if I added it in the right place, as I'm not very familiar with iRules... Does anyone have an idea how to block this?
Appreciate
Pierre.
- hooleylist (Cirrostratus)
Hi Pierre,
    when HTTP_REQUEST {

        # Fully decode the URI
        # From: http://devcentral.f5.com/wiki/iRules.FullyDecodeURI.ashx
        set tmpUri [HTTP::uri]
        set uri [URI::decode $tmpUri]

        # Repeat decoding until the decoded version equals the previous value
        while { $uri ne $tmpUri } {
            set tmpUri $uri
            set uri [URI::decode $tmpUri]
        }

        # Check if the decoded URI has two consecutive dots
        if { [string match {*..*} $uri] } {
            reject
        }
    }
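
A Python model of the decode-until-stable check from the reply above, added here as an illustration (not code from the thread, and not an iRule). `urllib.parse.unquote` stands in for `URI::decode`; the `MAX_ROUNDS` cap and every sample URI except the one from the question are assumptions constructed for the example. It also shows that the URL from the question has an empty query string and no literal `..` before decoding, so a check on the raw query alone has nothing to match.

```python
from urllib.parse import unquote, urlsplit

MAX_ROUNDS = 10  # assumption: cap on decode passes, not part of the iRule in the thread

def fully_decode(uri, max_rounds=MAX_ROUNDS):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            return uri
        uri = decoded
    raise ValueError("URI still changing after %d decode passes" % max_rounds)

def should_reject(uri):
    """Same test as the reply's iRule: two consecutive dots after full decoding."""
    try:
        return ".." in fully_decode(uri)
    except ValueError:
        return True  # assumption: excessive nesting is treated as hostile

def inspect(url):
    """Split a URL the way the iRule sees it (path plus optional query)."""
    parts = urlsplit(url)
    uri = parts.path + ("?" + parts.query if parts.query else "")
    return {
        "query": parts.query,            # what a query-only check would inspect
        "raw_has_dotdot": ".." in uri,   # what a check on the undecoded URI sees
        "decoded": fully_decode(uri),
        "reject": should_reject(uri),
    }

# URL from the question
QUESTION_URL = ("https://www.website.com/site/services/web-inf/"
                "%2e%2e%2e%2e%2e%2e%2e/boot.ini")

# Constructed samples (not from the thread)
SAMPLES = [
    "/site/%252e%252e/x",               # double-encoded dots
    "/a/%2E./b",                        # mixed encoded and literal dot
    "/site/services/index.html?id=42",  # benign request
]

if __name__ == "__main__":
    print(inspect(QUESTION_URL))
    for s in SAMPLES:
        print(s, "->", fully_decode(s), "reject" if should_reject(s) else "allow")
```

Because the test is a plain substring match on `..`, it also rejects legitimate names that contain two consecutive dots, which is the same trade-off the iRule in the reply makes.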