Forum Discussion
Darius44
Altocumulus
AltocumulusRegex issue
Hello,
I am stuck on trying to find out how to match some parameters in a WAF request using regex wildcard
The parameters that I want to match are int the form of amp;arg20=something where the arg20 can be anything.
The repetitive part that I want to match with the regex is amp; and I want to match multiple times because it appears multiple times in the query string
This is the request
GET /human.aspx?r=2900376326&arg20=dssdds&arg21=aaa HTTP/1.1
I want to match the 2 parameters amp;arg20 and amp;arg21 with a wildcard which appears as invalid parameters
| Parameter Location | Query String |
| Parameter Name | amp;arg20 |
| Parameter Value | dssdds |
| Applied Blocking Settings | Block Alarm Learn |
| Parameter Location | Query String |
| Parameter Name | amp;arg21 |
| Parameter Value | aaa |
| Applied Blocking Settings | Block Alarm Learn |
I tried to create multiple wildcard parameters like: amp.* or amp.+?(?==) but the parameters never match and I get the illegal parameter violation
How can this be achieved?
I somehow got it to work with this solution (not sure why it wasn't working before)
amp;[a-zA-Z0-9]*
Darius44I attahced the wildcard parameter entry that I have created
You can try this:
amp;arg2[01]This site can help you test your regular expressions:
regex101: build, test, and debug regex
- Darius44
Hello,
Thank you for your answer.
I tried it and it still doesn't work.
Anyway there is the posibility that the parameters in the request will be amp;Arg02 or amp;arg100 or even amp;Opt10
The regex in my opinnion should match any parameter that starts with this string amp; and then anything else untill the = sign
I also tried it on the regex website and even on the f5 regex tester and the regex appears to be ok but when I try to use it in the policy it fails
This?
amp;[a-zA-Z0-9]+=
- Darius44
I somehow got it to work with this solution (not sure why it wasn't working before)
amp;[a-zA-Z0-9]*
Nice!
