Forum Discussion

TheManu's avatar
TheManu
Icon for Nimbostratus rankNimbostratus
Apr 19, 2010

Rejecting HTTP request

Hello there,     I'm trying to reject a http request when it's containing a special string, but it doesn't work.     Please have a look at my rule:     when HTTP_REQUEST {   if {...
application delivery
dev
devops
iRules
v4
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Apr 19, 2010
Hi Manu,

 

 

Yes, if the string you're looking for is in the query string you could check HTTP::uri (which is the path and query string) or be more precise and check only the query string using HTTP::query.

 

 

You might also want to set the query string to lower case and URI decode it before checking for the string to ensure a malicious user can't obfuscate the string in their request (%4d%79%53%74%72%69%6e%67 is "MyString" URI encoded).

 

 

See the wiki pages for details:

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/http__query

 

http://devcentral.f5.com/wiki/default.aspx/iRules/http__uri

 

http://devcentral.f5.com/wiki/default.aspx/iRules/http__path

 

http://devcentral.f5.com/wiki/default.aspx/iRules/uri__decode

 

 

Aaron