Forum Discussion
abhinay
Nimbostratus
NimbostratusRequest for providing help on setting up an iRule
Hi All, Can you please let me know how can I accomplish the below requirement with an iRule. Any requests that use any method and have "cs.exe" or "llisapi.dll" in the URI and also have a query str...
abhinay please share how you test in postman.
I've tried and it works if the POST body is raw type and looks like this : fInArgs=%3D%23
This is what rules I am using:when HTTP_REQUEST {
if { ([class match [HTTP::uri] contains example_uri_1]) and ( [HTTP::query] contains "%3D%23") }{
HTTP::respond 403 content "You don't have authorization to view this page. Access Denied" noserver Content-Type text/html Connection Close Cache-Control no-cache
log local0. "deny URI: [HTTP::uri] query:[HTTP::query]"
}
if {[HTTP::method] eq "POST"}{
# Trigger collection for up to 1MB of data
if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{
set content_length [HTTP::header "Content-Length"]
} else {
set content_length 1048576
}
# Check if $content_length is not set to 0
if { $content_length > 0} {
HTTP::collect $content_length
}
}
}
when HTTP_REQUEST_DATA {
if { [HTTP::method] equals "POST" }{
# Extract the entire HTTP request body and escape it to become a HTTP::uri string (for easier parsings)
set http_request_body "?[HTTP::payload]"
log local0. "http payload: $http_request_body"
# Try to parse type value from the HTTP request body.
if { [URI::query $http_request_body fInArgs] equals "%3D%23" } {
HTTP::respond 403 content "You don't have authorization to view this page. Access Denied" noserver Content-Type text/html Connection Close Cache-Control no-cache
} }
}if you use application/x-www-form-urlencoded you will have to match this "%253D%2523"
if { [URI::query $http_request_body fInArgs] equals "%253D%2523" } {
HTTP::respond 403 content "You don't have authorization to view this page. Access Denied" noserver Content-Type text/html Connection Close Cache-Control no-cache
}or use URI::decode :
if { [URI::decode [URI::query $http_request_body fInArgs]] equals "%3D%23" } {
HTTP::respond 403 content "You don't have authorization to view this page. Access Denied" noserver Content-Type text/html Connection Close Cache-Control no-cache
}and if it is a form-data:
set varB [findstr [HTTP::payload] "fInArgs"]
if { $varB contains "%3D%23" } {
HTTP::respond 403 content "You don't have authorization to view this page. Access Denied" noserver Content-Type text/html Connection Close Cache-Control no-cache
}I noticed from other comments in this thread that variable name is fInArgs with an uppercase "i".
Variable name in my code has a lowercase "L" -- I must have read that wrong before. If you just copy/pasted and didn't fix it, it might not match because of this.
Otherwise, I'd expect it to work -- it does in my lab.
mihaic
MVP
MVPfrom what you shared the the key is "_fInArgs= " and the value is not what you asked for . it is not "%3D%23"
"key": "_fInArgs=", "value": "A<1,?,'_ApiName'='SessionFree','_ConnectionName'=#AAAA>",
the format you shared seems to be a JSON
try to put something from the value.
abhinayNimbostratus
Nimbostratusmihaic Thats right Sorry for the confusion, an Internal team was testing this earlier. I got the Postman file from them and checked that the key and value were different.
I already made changes and tested for body with "_fInArgs=" that contains "=#" which did not work tried "_fInArgs=" that contains "SessionFree" which did not work either. your help will be appreciated.
when HTTP_REQUEST_DATA {
if { [HTTP::method] equals "POST" }{
# Extract the entire HTTP request body and escape it to become a HTTP::uri string (for easier parsings)
set http_request_body "?[HTTP::payload [HTTP::header value "Content-Length"]]"
# Try to parse type value from the HTTP request body.
if { [URI::decode [URI::query $request_body _fInArgs=]] contains "=#" } {
log local0. "_fInArgs= : $_fInArgs="
HTTP::respond 403 content "Forbidden" "Content-Type" "text/html"
}
}
}