Validate Application Requests

Question

Hi, 
&nbsp; I want the F5 to validate the application request so it can function as a full L7 proxy. Is there a way to solve this using iRules or is this something that is standard behaviour? So if a look into HTTP when I use the HTTP_REQUEST option is this request checked to see if it is a normal HTTP request before the condition HTTP_REQUEST is met? 
&nbsp; Marcel

unruley_95363 · Answer

Hi Marcel,    
      The BigIP doesn't necessarily validate HTTP requests.  We do validate that the request is compliant with RFC2616.  Ie, the first line of a request has three fields, the method, a uri, and a version.  We do not validate what the methods are or what the version is.    
        
    If you would like to do that kind of thing, then the following rule example should help:    
     
 class valid_methods { 
    "GET" 
    "POST" 
    "HEAD" 
 } 
 rule validate_http { 
    when HTTP_REQUEST { 
       if { [HTTP::version] eq "Unknown" } { 
          log "Invalid HTTP version - connection from: [IP::remote_addr]:[TCP::remote_port] rejected" 
          reject 
       } elseif { not [matchclass [HTTP::method] equals $::valid_methods] } { 
          log "Invalid HTTP method [HTTP::method] - connection from: [IP::remote_addr]:[TCP::remote_port] rejected" 
          reject 
       } 
    } 
 }

You can update the valid_methods class to include any methods your site might need.

Forum Discussion

Validate Application Requests

1 Reply

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Related Content

Deploying the F5 AI Security Certified OpenShift Operator: A Validated Playbook

Request and validate OAuth / OIDC tokens with APM

Introducing the F5 Application Study Tool (AST)

Validating JWT in per-request policy - subsession

Mitigating OWASP Web Application Risk: Server Side Request Forgery (SSRF) using F5 BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS