Forum Discussion
Yozzer
Mar 07, 2012 · Nimbostratus
XSS checks in iRule
Hi
Can an iRule check for special chars in a switch statement?
switch -glob [URI::decode [URI::query "?[HTTP::payload]" Param1]] {
"*<" {
set variable "x...
hooleylist
Mar 13, 2012 · Cirrostratus
Jason pointed out a nice trick for this. You can get a count of the number of instances of a character using split and llength:
llength [split [HTTP::payload] &]
Or to be more exact, you'd want to subtract one:
% set str {name1=value1&name2=value2&name3=value3}
% split $str &
name1=value1 name2=value2 name3=value3
% llength [split $str &]
3
Or together:
% expr {[llength [split $str &]] -1}
2
But really, ASM gives you much better normalization and validation. For example, you could apply all of the XSS attack signatures to all parameters. If you have a specific POST request you want to restrict the number of parameters to 1 for, you can configure this in the ASM policy.
Aaron
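
Added example, not part of the thread and not written by either poster: one way to combine the parameter count from the reply with the decoded-value check from the question in a single iRule. `Param1` comes from the question; the one-parameter limit, the 1 MB collection cap, the `*<*` / `*>*` patterns and the 400/413 responses are assumptions chosen for illustration.

```tcl
when HTTP_REQUEST {
    # Only POST bodies are inspected. Requests without a usable
    # Content-Length (e.g. chunked) are not collected by this sketch.
    if { [HTTP::method] eq "POST" && [HTTP::header exists "Content-Length"] } {
        set len [HTTP::header value "Content-Length"]
        if { [string is integer -strict $len] && $len > 0 } {
            if { $len > 1048576 } {
                # Assumed cap: refuse bodies too large to buffer for inspection.
                HTTP::respond 413 content "Request too large"
                return
            }
            HTTP::collect $len
        }
    }
}

when HTTP_REQUEST_DATA {
    set body [HTTP::payload]

    # Count name=value pairs. [llength [split $body &]] is the number of
    # pieces (delimiters + 1), but an empty body gives 0 and a trailing or
    # doubled "&" produces empty pieces, so only non-empty pieces are counted.
    set count 0
    foreach pair [split $body &] {
        if { $pair ne "" } { incr count }
    }
    if { $count > 1 } {
        log local0. "Rejected POST to [HTTP::uri]: $count parameters"
        HTTP::respond 400 content "Bad request"
        return
    }

    # Decode the value before matching so %3C / %3E are seen as < and >.
    # "*<*" matches the character anywhere in the value; "*<" would only
    # match a value that ends with it.
    switch -glob -- [URI::decode [URI::query "?$body" Param1]] {
        "*<*" -
        "*>*" {
            log local0. "Rejected POST to [HTTP::uri]: angle bracket in Param1"
            HTTP::respond 400 content "Bad request"
        }
    }
}
```

`URI::decode` is applied once here, so a double-encoded value (`%253C`) passes this check; that normalization gap is part of what the reply means by ASM doing this better.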