For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mattias_56723's avatar
mattias_56723
Icon for Nimbostratus rankNimbostratus
Sep 10, 2009

simple filter question of uri

If I want to filter out "?listall=1" and also "log=0" in the uri.   ex: http://testsite.com/test.aspx?listall=1?log=0   to http://testsite.com/test.aspx   How will the syntax look like...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Sep 10, 2009
Hi Max,

 

 

You can use HTTP::query (Click here) to retrieve the full query string. You can parse individual parameter values using 'URI::query [HTTP::uri] listall' (Click here) to retrieve the value of the listall parameter. You can use string map to remove the parameter name=parameter value string.

 

 

If you read up on these commands and still have questions, reply here with what you've tried and what you're seeing. Note that if the page which receives the requests accepts POST requests, an attacker could include the parameters in the post data. In that case, you'd need to collect the payload, inspect it and potentially rewrite it. To do this, you could use HTTP::collect (Click here) and HTTP::payload.

 

 

Aaron