Forum Discussion

Nimbostratus

Apr 19, 2010

Rejecting HTTP request

Hello there, I'm trying to reject a http request when it's containing a special string, but it doesn't work. Please have a look at my rule: when HTTP_REQUEST { if {...

Cirrostratus

Apr 19, 2010

Hi Manu,

Yes, if the string you're looking for is in the query string you could check HTTP::uri (which is the path and query string) or be more precise and check only the query string using HTTP::query.

You might also want to set the query string to lower case and URI decode it before checking for the string to ensure a malicious user can't obfuscate the string in their request (%4d%79%53%74%72%69%6e%67 is "MyString" URI encoded).

See the wiki pages for details:

http://devcentral.f5.com/wiki/default.aspx/iRules/http__query

http://devcentral.f5.com/wiki/default.aspx/iRules/http__uri

http://devcentral.f5.com/wiki/default.aspx/iRules/http__path

http://devcentral.f5.com/wiki/default.aspx/iRules/uri__decode

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Rejecting HTTP request

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

Changes to DO and AS3 GitHub - no longer monitored

How to Verify config before loading to F5

Logical Disk Full to Migrate rSeries

Related Content

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

HTTP Request Throttle

Handling HTTP Requests on an HTTPS Virtual Server

HTTP request cloning

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS