For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

hirox_127495's avatar
hirox_127495
Historic F5 Account
Aug 29, 2005

POST DATA sanitizing iRule

I'm trying to create HTTP POST DATA sanitizing iRule but it doesn't work correctly. "<"(%3C), ">"(%3E) and "&"(%26) are have to be replaced to "<", ">", "&" to sanitize. Following script is sa...
application delivery
dev
devops
iRules
hirox_127495's avatar
hirox_127495
Historic F5 Account
Aug 30, 2005
Ampersand("&") should have been encoded and written.

Following worked as I expected but I think it is verbose.

Please give me an advice to be simple.


rule test_sanitize {
   when HTTP_REQUEST {
  set clen [HTTP::header Content-Length]
  if { $clen > 0 } {
    HTTP::collect $clen
  }
}
when HTTP_REQUEST_DATA {
  set find1 "%3C"
  set replace1 "%26lt;"
  set find2 "%3E"
  set replace2 "%26gt;"
  set find3 "%26"
  set replace3 "%26amp;"
  set fixeddata [HTTP::payload]
  if { [HTTP::payload] contains "%26" } {
    regsub -all $find3 $fixeddata $replace3 fixeddata
  }
  if { [HTTP::payload] contains "%3C" } {
    regsub -all $find1 $fixeddata $replace1 fixeddata
  }
  if { [HTTP::payload] contains "%3E" } {
    regsub -all $find2 $fixeddata $replace2 fixeddata
  }
    HTTP::payload replace 0 [HTTP::payload len] $fixeddata
    HTTP::release
}
}