For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Emad's avatar
Emad
Icon for Cirrostratus rankCirrostratus
Nov 28, 2013

Stop POST requests.

Hi. I was working to stop certain type of requests to web servers via LTM Irule. Right now i can stop different patterns in HTTP GET request i.e via URI. but i also want to stop certain patterns in P...
application delivery
design
devops
iRules
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Nov 28, 2013

A POST will generally have a payload that you need to worry about, but it will also have a URI. So your mitigation a are dependent on the injection point. An example POST request:

POST /foo/bar/test.exe HTTP/1.1
Host: www.example.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla...

username=foo&password=bar&execute=test.exe

So you could still look at the URI in a POST request, but then you can also look at the payload, which would require a collection. If I had to guess, I would assume your application predominantly uses GETs, so the overhead of collecting on POSTs, and potentially a subset of POSTs based on some trigger URIs, wouldn't be too overwhelming.