Forum Discussion
TheManu
Nimbostratus
NimbostratusRejecting HTTP request
Hello there,
I'm trying to reject a http request when it's containing a special string, but it doesn't work.
Please have a look at my rule:
when HTTP_REQUEST {
if {[HTTP::path] starts_with "/MyString"}
{
reject
}
}
Is it correct to use the starts_with reference?
Do I have to change the sting "/MyString"? (The string could look like this www.myurl.com/MyStringAndMore/something.html)
Is the reject command correct?
Thank you for your help.
2 Replies
TheManuProblem solved. It works like this:
when HTTP_REQUEST {
if {[HTTP::uri] contains "MyString"}
{
reject
}
}
hoolioCirrostratus
Hi Manu,
Yes, if the string you're looking for is in the query string you could check HTTP::uri (which is the path and query string) or be more precise and check only the query string using HTTP::query.
You might also want to set the query string to lower case and URI decode it before checking for the string to ensure a malicious user can't obfuscate the string in their request (%4d%79%53%74%72%69%6e%67 is "MyString" URI encoded).
See the wiki pages for details:
http://devcentral.f5.com/wiki/default.aspx/iRules/http__query
http://devcentral.f5.com/wiki/default.aspx/iRules/http__uri
http://devcentral.f5.com/wiki/default.aspx/iRules/http__path
http://devcentral.f5.com/wiki/default.aspx/iRules/uri__decode
Aaron
