Forum Discussion

hirox_127495
Historic F5 Account
Aug 29, 2005

POST DATA sanitizing iRule

I'm trying to create an HTTP POST DATA sanitizing iRule, but it doesn't work correctly.

"<" (%3C), ">" (%3E) and "&" (%26) have to be replaced with "&lt;", "&gt;" and "&amp;" to sanitize.

The following script is a sample for replacing "%3C" with "&lt;", but %3C still remains and "&lt;" is appended after %3C.


rule test_sanitize {
  when HTTP_REQUEST {
    set clen [HTTP::header Content-Length]
    if { $clen > 0 } {
      log "Collecting $clen of data."
      HTTP::collect $clen
    } else {
      log "Content-Length is [HTTP::header Content-Length]; nothing will be collected."
    }
  }
  when HTTP_REQUEST_DATA {
    set find "%3C"
    # Note: in Tcl regsub an unescaped "&" in the replacement string stands for
    # the matched text, so this replacement inserts "%3C" followed by "lt;".
    set replace "&lt;"
    if { [HTTP::payload] contains "%3Cscript%3E" } {
      regsub -all $find [HTTP::payload] $replace fixeddata
      log $fixeddata
      log "Replacing payload with fixed data."
      HTTP::payload replace 0 [HTTP::payload len] $fixeddata
    }
    # Release the collected data whether or not anything was rewritten.
    HTTP::release
  }
}

The log message is as follows.

Aug 29 11:28:06 tmm tmm[19059]: 01220002:6: Rule test_sanitize : input=%3Clt;script%3Etest%3Clt;%2Fscript%3E&user_input=%C1%F7%BF%AE

I think "&" is also a special character in iRules, and I have no idea how to escape it.

Please give me an advice.

  • hirox_127495
    Historic F5 Account
    My post was translated automatically by the web application...

    The post should be read as follows...

    "<" is "ampersand + lt;", and ">" is "ampersand + gt;".

    And also "&" is "ampersand + amp;".

    Thanks!

  • hirox_127495
    Historic F5 Account
    The ampersand ("&") should have been encoded when I wrote it.

    The following worked as I expected, but I think it is verbose.

    Please give me advice on how to make it simpler.

    rule test_sanitize {
      when HTTP_REQUEST {
        set clen [HTTP::header Content-Length]
        if { $clen > 0 } {
          HTTP::collect $clen
        }
      }
      when HTTP_REQUEST_DATA {
        # Replacements are written percent-encoded ("%26" is "&") so that the
        # URL-decoded field values reach the application as the HTML entities
        # &lt;, &gt; and &amp;.
        set find1 "%3C"
        set replace1 "%26lt;"
        set find2 "%3E"
        set replace2 "%26gt;"
        set find3 "%26"
        set replace3 "%26amp;"
        set fixeddata [HTTP::payload]
        # "%26" is replaced first; otherwise the "%26" introduced by the other
        # two replacements would be encoded a second time.
        if { [HTTP::payload] contains "%26" } {
          regsub -all $find3 $fixeddata $replace3 fixeddata
        }
        if { [HTTP::payload] contains "%3C" } {
          regsub -all $find1 $fixeddata $replace1 fixeddata
        }
        if { [HTTP::payload] contains "%3E" } {
          regsub -all $find2 $fixeddata $replace2 fixeddata
        }
        HTTP::payload replace 0 [HTTP::payload len] $fixeddata
        HTTP::release
      }
    }
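The simpler form the post above asks for, together with the reason the first post's log showed "%3Clt;", as an added example that is not code from this thread or from F5. It assumes the body is application/x-www-form-urlencoded, uses a 1 MiB collection cap chosen for the example, and relies on Tcl's `string map -nocase` being available on the TMOS version in use; the variable names are the example's own.

```tcl
# Added example (not from the thread): one-pass form-body sanitizer using
# "string map" instead of three chained regsub calls.
#
# Why the first attempt logged "%3Clt;": in Tcl regsub, an unescaped "&" in
# the replacement string stands for the matched text, so the replacement
# "&lt;" expands to "%3C" followed by "lt;". Writing it as "\&lt;" fixes
# regsub; "string map" treats its replacements literally, so the problem
# cannot arise.
#
# "string map" also makes a single left-to-right pass and never rescans text
# it has just inserted, so the "%26" introduced by "%26lt;" is not encoded a
# second time and the replacements need no particular order.
when HTTP_REQUEST {
  # Only percent-encoded form bodies are encoded the way this rule expects;
  # multipart or JSON bodies are left alone.
  if { [HTTP::method] equals "POST" &&
       [HTTP::header Content-Type] starts_with "application/x-www-form-urlencoded" } {
    set clen [HTTP::header Content-Length]
    # Assumed cap (1 MiB) on how much request body is buffered in TMM.
    if { [string is integer -strict $clen] && $clen > 0 && $clen <= 1048576 } {
      HTTP::collect $clen
    }
  }
}

when HTTP_REQUEST_DATA {
  # Keys are the percent-encoded form of the character; values are the
  # percent-encoded form of the HTML entity, so after the application
  # URL-decodes the field it sees "&lt;", "&gt;" and "&amp;".
  # -nocase also catches lowercase hex such as "%3c". The literal "<" and ">"
  # entries cover clients that send those bytes unencoded; a literal "&" is
  # the field separator and is deliberately not mapped.
  #
  # Constructed sample (the payload from the first post's log):
  #   input=%3Cscript%3Etest%3C%2Fscript%3E&user_input=%C1%F7%BF%AE
  # becomes
  #   input=%26lt;script%26gt;test%26lt;%2Fscript%26gt;&user_input=%C1%F7%BF%AE
  set fixed [string map -nocase {
    %26 %26amp;
    %3C %26lt;
    %3E %26gt;
    <   %26lt;
    >   %26gt;
  } [HTTP::payload]]

  if { ![string equal $fixed [HTTP::payload]] } {
    # HTTP::payload replace is documented as adjusting Content-Length;
    # confirm that on your TMOS version before relying on it.
    HTTP::payload replace 0 [HTTP::payload length] $fixed
  }
  HTTP::release
}
```

Because the mapping is applied to the still-encoded body, the application stores "&lt;script&gt;" instead of "<script>"; that is encoding on input, so anything the application later writes into a non-HTML context (JSON, a log, a database query) carries the entities along. Output encoding in the application remains the proper fix, with this rule as a stopgap.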
  • unRuleY_95363
    Historic F5 Account
    You should find some really useful information on regsub, regexp and payload replacement in this post about scrubbing CCNs and SSNs:

    http://devcentral.f5.com/default.aspx?tabid=28&view=topic&forumid=5&postid=3345