Forum Discussion
Irule to block a request if Content-Disposition name is not avail.
I've been trying to reply but it doesn't accept my syntax -- posting empty message to be edited.
[EDIT]
Since the request is multipart, you won't see the name="CaptchaCode" in the HTTP Content-Type header, but in the first boundary instead.
This means that the iRule should inspect the name in the Content-Disposition header of each part (boundary) of the multipart request. This requires you to collect data!
I've scripted some code below that should do the trick:
```tcl
when HTTP_REQUEST {
    # Only inspect multipart POSTs to the protected path
    if { [HTTP::method] eq "POST" && [HTTP::path] eq "/test/test1" && [HTTP::header exists "Content-Type"] } {
        if { [string tolower [HTTP::header "Content-Type"]] starts_with "multipart/form-data" } {
            # Buffer the request body so HTTP_REQUEST_DATA fires
            HTTP::collect
        } else { return }
    }
}
when HTTP_REQUEST_DATA {
    set data [HTTP::payload]
    # The field name is carried in a part's Content-Disposition header
    if { $data contains "name=\"CaptchaCode\"" } {
        # log local0. "Legitimate request"
        HTTP::release
    } else {
        drop
    }
}
```
For further reference, have a look at nagi's HTTP Multipart and Security Implications article, it's some good stuff.
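An added example, not part of the original post: a Python model of the matching logic that can be run offline before touching a production virtual server. It compares the iRule's payload substring test with a stricter check that reads the field name from each part's Content-Disposition header; the boundary, field values and helper names are constructed for illustration.

```python
import re

BOUNDARY = "----constructedBoundary123"  # constructed sample value
CTYPE = f"multipart/form-data; boundary={BOUNDARY}"

def build_body(fields, boundary=BOUNDARY):
    """Build a constructed multipart/form-data body from (name, value) pairs."""
    parts = [f'--{boundary}\r\nContent-Disposition: form-data; name="{n}"\r\n\r\n{v}\r\n'
             for n, v in fields]
    return ("".join(parts) + f"--{boundary}--\r\n").encode()

def part_names(content_type, body):
    """Return the field names declared in each part's Content-Disposition header."""
    m = re.search(r'boundary="?([^";]+)"?', content_type, re.I)
    if not content_type.lower().startswith("multipart/form-data") or not m:
        return []
    delim = b"\r\n--" + m.group(1).encode()
    names = []
    # Prefix CRLF so the first delimiter is matched like all the others.
    for chunk in (b"\r\n" + body).split(delim)[1:]:
        if chunk.startswith(b"--"):          # closing delimiter: stop
            break
        headers, sep, _value = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        if not sep:                          # malformed part, no header/body split
            continue
        for line in headers.split(b"\r\n"):
            if line.lower().startswith(b"content-disposition:"):
                found = re.search(rb'\bname="([^"]*)"', line)  # skips filename=
                if found:
                    names.append(found.group(1).decode("latin-1"))
    return names

def substring_check(body, field="CaptchaCode"):
    """Same test as the iRule: the string appears anywhere in the payload."""
    return f'name="{field}"'.encode() in body

def header_check(content_type, body, field="CaptchaCode"):
    """Stricter test: the field is declared in a part's Content-Disposition."""
    return field in part_names(content_type, body)

LEGIT = build_body([("user", "alice"), ("CaptchaCode", "x7k2")])
MISSING = build_body([("user", "alice")])
IN_VALUE = build_body([("comment", 'name="CaptchaCode"')])  # string only in a value

if __name__ == "__main__":
    for label, body in [("legit", LEGIT), ("missing", MISSING), ("in value", IN_VALUE)]:
        print(label, substring_check(body), header_check(CTYPE, body))
```

The third sample is the case to watch: the payload-wide match accepts it, while the per-part header check does not.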
Dear CA_Valli,
Thanks for the information, it is really appreciated.
I haven't had the chance to test yet because this is a production environment and it is not easy to get approvals for testing. I will update you about the results once I get the approvals.
Regards,
Muhannad