For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Marc_Bergeron_5's avatar
Marc_Bergeron_5
Icon for Nimbostratus rankNimbostratus
Aug 15, 2007

Process POST data

I'm looking to patch a security issue in our application until our developers have time to do their thing, and I'm hoping to do it with iRules.     What I have is a log-in page, login.asp, that ...
application delivery
dev
devops
iRules
Deb_Allen_18's avatar
Deb_Allen_18
Historic F5 Account
Aug 15, 2007
Maybe this?
 when HTTP_REQUEST_DATA {
  if {[string tolower [HTTP::path]] contains "login.asp"} {
     save original password value
    set pw [findstr [HTTP::payload] "&password=" 10 &]
     strip special characters from entire payload
    set newPayload [string map {< "" > "" % ""} [HTTP::payload]]
     if original pw value was changed, replace original value
    if {[string first &password=$pw $newPayload] < 0 }{ 
      regsub {("&password=)(.*?)(&)?} $newPayload {\1$pw\3} newPayload
    }
    HTTP::payload replace 0 [HTTP::payload length] $newPayload
    HTTP::release
    log local0. "new payload: $newPayload"
  }
}

Should work regardless of password parameter position.

/deb