WebDav detection

Question

Hello all,  
&nbsp;      Does anyone know how detect a web dav (Propfind method) request using IRules and then reject it? 
&nbsp;  
&nbsp; Any kind of help is fully appreciated.  
&nbsp;  
&nbsp; Thanks. 
&nbsp;  
&nbsp; Regards, 
&nbsp; TRX

hoolio · Answer

Hi TRX, 
  
 It would be more secure to positively define which request methods you want to allow and block all others.  Here is an example which uses a string type datagroup with the allowed HTTP request methods defined.  You can define the datagroup in the GUI under Local Traffic &gt;&gt; iRules &gt;&gt; Datagroup List tab.

class allowed_methods_class { 
    "GET" 
    "HEAD" 
    "POST" 
 }

You can then define an iRule which references the datagroup.  If you're on a version lower than 9.4.4 prepend a $:: to the datagroup name in the iRule only: $::allowed_methods_class.

when HTTP_REQUEST { 
  
     Check if request method is in the allowed_methods_class 
    if {not [matchclass [HTTP::method] equals allowed_methods_class]}{ 
  
        Illegal request method, send a 405 - Method Not Allowed response 
       HTTP::respond 405 
    } 
 }

Aaron

Forum Discussion

WebDav detection

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

F5 Distributed Cloud JA4 detection for enhanced performance and detection

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

Operationlizing Online Fraud Detection, Prevention, and Response

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS