Forum Discussion
Yozzer
Nimbostratus
Mar 07, 2012
XSS checks in irule
Hi
Can an irule check for special chars in a switch statement?
switch -glob [URI::decode [URI::query "?[HTTP::payload]" Param1]] {
"*<" {
set variable "x...
hoolio
Cirrostratus
Mar 13, 2012
Jason pointed out a nice trick for this. You can get a count of the number of instances of a character using split and llength:
llength [split [HTTP::payload] &]
Or to be more exact, you'd want to subtract one:
% set str {name1=value1&name2=value2&name3=value3}
% split $str &
name1=value1 name2=value2 name3=value3
% llength [split $str &]
3
Or together:
% expr {[llength [split $str &]] -1}
2
But really, ASM gives you much better normalization and validation. For example, you could apply all of the XSS attack signatures to all parameters. If you have a specific POST request you want to restrict the number of parameters to 1 for, you can configure this in the ASM policy.
Aaron
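The two ideas in this thread combined into one iRule, as an added example that is not part of either post: it limits a POST body to a single parameter using the split/llength count and then checks the decoded value with `switch -glob`. `Param1` comes from the question; the 1 MB collect cap, the 403 responses and the choice of `<` and `>` as the characters to reject are assumptions.

```tcl
# Added example: limits, responses and rejected characters are assumptions.
when HTTP_REQUEST {
    # Only POST bodies are inspected here.
    if { [HTTP::method] eq "POST" } {
        set len [HTTP::header value "Content-Length"]
        # Assumed cap of 1 MB so the collect cannot buffer unbounded data.
        if { [string is integer -strict $len] && $len > 0 && $len <= 1048576 } {
            HTTP::collect $len
        }
    }
}

when HTTP_REQUEST_DATA {
    set payload [HTTP::payload]

    # llength of the split is the number of name=value pairs;
    # subtracting one gives the number of "&" separators.
    set pairs [split $payload &]
    if { [llength $pairs] != 1 } {
        HTTP::respond 403 content "Unexpected parameter count"
        return
    }

    # Param1 is the parameter name used in the question.
    set value [URI::query "?$payload" Param1]

    # Decode repeatedly (bounded) so %253C is reduced to "<" as well as %3C.
    for { set i 0 } { $i < 3 } { incr i } {
        set decoded [URI::decode $value]
        if { $decoded eq $value } { break }
        set value $decoded
    }

    # A -glob pattern needs a leading and trailing * to match the
    # character anywhere in the value; "--" stops a value that
    # starts with "-" from being read as a switch option.
    switch -glob -- $value {
        "*<*" -
        "*>*" {
            HTTP::respond 403 content "Invalid character in Param1"
            return
        }
    }
}
```

Requests with no Content-Length, or with a body above the cap, are never collected and so pass through uninspected; decide whether those should be rejected instead.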
