Forum Discussion

Mar 08, 2010

WebDav detection

Hello all, Does anyone know how detect a web dav (Propfind method) request using IRules and then reject it? Any kind of help is fully appreciated. Thanks. ...

Cirrostratus

Mar 08, 2010

Hi TRX,

It would be more secure to positively define which request methods you want to allow and block all others. Here is an example which uses a string type datagroup with the allowed HTTP request methods defined. You can define the datagroup in the GUI under Local Traffic >> iRules >> Datagroup List tab.

 
 class allowed_methods_class { 
    "GET" 
    "HEAD" 
    "POST" 
 }

You can then define an iRule which references the datagroup. If you're on a version lower than 9.4.4 prepend a $:: to the datagroup name in the iRule only: $::allowed_methods_class.

 
 when HTTP_REQUEST { 
  
     Check if request method is in the allowed_methods_class 
    if {not [matchclass [HTTP::method] equals allowed_methods_class]}{ 
  
        Illegal request method, send a 405 - Method Not Allowed response 
       HTTP::respond 405 
    } 
 }

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)