WebDav detection

Question

Hello all,  
&nbsp;      Does anyone know how detect a web dav (Propfind method) request using IRules and then reject it? 
&nbsp;  
&nbsp; Any kind of help is fully appreciated.  
&nbsp;  
&nbsp; Thanks. 
&nbsp;  
&nbsp; Regards, 
&nbsp; TRX

hoolio · Answer

Hi TRX, 
  
 It would be more secure to positively define which request methods you want to allow and block all others.  Here is an example which uses a string type datagroup with the allowed HTTP request methods defined.  You can define the datagroup in the GUI under Local Traffic &gt;&gt; iRules &gt;&gt; Datagroup List tab.

class allowed_methods_class { 
    "GET" 
    "HEAD" 
    "POST" 
 }

You can then define an iRule which references the datagroup.  If you're on a version lower than 9.4.4 prepend a $:: to the datagroup name in the iRule only: $::allowed_methods_class.

when HTTP_REQUEST { 
  
     Check if request method is in the allowed_methods_class 
    if {not [matchclass [HTTP::method] equals allowed_methods_class]}{ 
  
        Illegal request method, send a 405 - Method Not Allowed response 
       HTTP::respond 405 
    } 
 }

Aaron

Forum Discussion

WebDav detection

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Request for Bug Tracker/Known Issues – BIG-IP Version 17.5.1.2

AST Configuration Assistance

Adding logging to APM per-request policy without SWG license

Single LTM with multiple GTM domains

License activation

Related Content

F5 Distributed Cloud JA4 detection for enhanced performance and detection

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

IIS 6.0 WebDAV Buffer Overflow

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS