For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Marcel_Derksen_'s avatar
Marcel_Derksen_
Icon for Nimbostratus rankNimbostratus
Jan 26, 2005

Validate Application Requests

Hi,   I want the F5 to validate the application request so it can function as a full L7 proxy. Is there a way to solve this using iRules or is this something that is standard behaviour? So if a l...
application delivery
dev
devops
iRules
unRuleY_95363's avatar
unRuleY_95363
Historic F5 Account
Jan 26, 2005
Hi Marcel,

The BigIP doesn't necessarily validate HTTP requests. We do validate that the request is compliant with RFC2616. Ie, the first line of a request has three fields, the method, a uri, and a version. We do not validate what the methods are or what the version is.

If you would like to do that kind of thing, then the following rule example should help: 

    
 class valid_methods { 
    "GET" 
    "POST" 
    "HEAD" 
 } 
 rule validate_http { 
    when HTTP_REQUEST { 
       if { [HTTP::version] eq "Unknown" } { 
          log "Invalid HTTP version - connection from: [IP::remote_addr]:[TCP::remote_port] rejected" 
          reject 
       } elseif { not [matchclass [HTTP::method] equals $::valid_methods] } { 
          log "Invalid HTTP method [HTTP::method] - connection from: [IP::remote_addr]:[TCP::remote_port] rejected" 
          reject 
       } 
    } 
 }

You can update the valid_methods class to include any methods your site might need.