For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Marcel_Derksen_'s avatar
Marcel_Derksen_
Icon for Nimbostratus rankNimbostratus
Jan 26, 2005

Validate Application Requests

Hi,

 

I want the F5 to validate the application request so it can function as a full L7 proxy. Is there a way to solve this using iRules or is this something that is standard behaviour? So if a look into HTTP when I use the HTTP_REQUEST option is this request checked to see if it is a normal HTTP request before the condition HTTP_REQUEST is met?

 

Marcel
application delivery
dev
devops
iRules

1 Reply

  • unRuleY_95363's avatar
    unRuleY_95363
    Historic F5 Account
    Jan 26, 2005
    Hi Marcel,

    The BigIP doesn't necessarily validate HTTP requests. We do validate that the request is compliant with RFC2616. Ie, the first line of a request has three fields, the method, a uri, and a version. We do not validate what the methods are or what the version is.

    If you would like to do that kind of thing, then the following rule example should help: 

        
 class valid_methods { 
    "GET" 
    "POST" 
    "HEAD" 
 } 
 rule validate_http { 
    when HTTP_REQUEST { 
       if { [HTTP::version] eq "Unknown" } { 
          log "Invalid HTTP version - connection from: [IP::remote_addr]:[TCP::remote_port] rejected" 
          reject 
       } elseif { not [matchclass [HTTP::method] equals $::valid_methods] } { 
          log "Invalid HTTP method [HTTP::method] - connection from: [IP::remote_addr]:[TCP::remote_port] rejected" 
          reject 
       } 
    } 
 }

    You can update the valid_methods class to include any methods your site might need.