Forum Discussion
2 Replies
- hooleylist (Cirrostratus): You can try to filter the URI using an iRule, but an attacker will be able to obfuscate their attack using many encoding schemes that the web server will probably parse and you won't be able to track in an iRule. An attacker could probably also send the malicious strings in the payload in POST requests. It would be very difficult to handle these scenarios in an iRule and still support typical production levels of traffic.

  ```tcl
  when HTTP_REQUEST {

      # URI decode the URI
      set tmpUri [HTTP::uri]
      set uri [URI::decode $tmpUri]

      # Repeat decoding until the decoded version equals the previous value.
      while { $uri ne $tmpUri } {
          set tmpUri $uri
          set uri [URI::decode $tmpUri]
      }

      if { [string tolower $uri] contains "script" } {
          # Found script in the decoded URI. Do something?
          HTTP::respond 404
      }
  }
  ```

- hooleylist (Cirrostratus): I should add that the best way to handle this efficiently and securely is to use a web app firewall and fix the application code. Trying to use an iRule to implement HTTP security is not going to be both efficient and complete.
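
Added example, not part of the thread or of hooleylist's replies: the same decode-and-match check applied to POST bodies, the case the first reply says a URI-only filter does not cover. The 1 MB collection cap and the 5-pass decode limit are assumed values chosen here to bound per-request cost.

```tcl
# Added example (not from the thread). Inspects POST bodies with the
# same repeated-decode check the reply applies to the URI.
# Assumed values: 1 MB collection cap, at most 5 decode passes.
when HTTP_REQUEST {
    if { [HTTP::method] eq "POST" } {
        set limit 1048576
        set len $limit

        # Collect only what the client declares, never more than the cap.
        if { [HTTP::header exists "Content-Length"] } {
            set cl [HTTP::header value "Content-Length"]
            if { [string is integer -strict $cl] && $cl < $limit } {
                set len $cl
            }
        }

        # Buffer the body; HTTP_REQUEST_DATA fires once it is collected.
        if { $len > 0 } {
            HTTP::collect $len
        }
    }
}

when HTTP_REQUEST_DATA {
    set prev [HTTP::payload]
    set body [URI::decode $prev]
    set passes 0

    # Decode until the value stops changing, with a hard pass limit so a
    # deeply nested encoding cannot hold the connection in this loop.
    while { $body ne $prev && $passes < 5 } {
        set prev $body
        set body [URI::decode $prev]
        incr passes
    }

    if { [string tolower $body] contains "script" } {
        # Same response as the URI check in the reply.
        HTTP::respond 404
    }
    # Collected data is released implicitly when this event ends.
}
```

Only the first 1 MB of a body is inspected and only percent-encoding is undone, so this has the coverage and throughput limits the replies describe; buffering every POST is the cost that makes a web app firewall the better fit.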