URI Keyword And HTTP Method Filtering

Problem this snippet solves:

Summary: iRule Used to filter requests that contain keywords and reject any HTTP Methods not listed

iRule to filter requests that have keywords in the uri. The URI is converted to lowercase and then decoded to prevent encoding tricks to circumvent the filter. It will also reject requests that use a HTTP Method other then the ones listed in the valid_methods class

Code :

# Data Classes

bigpipe class bad_uris { \"cmd.exe\" \"root.exe\" \"admin.dll\" }
bigpipe class valid_methods { \"GET\" \"POST\" }

# iRule Code

  #log local0. "HTTP Method: [HTTP::method]"
  #log local0. "HTTP Uri: [HTTP::uri]"
  if { [matchclass [URI::decode [string tolower [HTTP::uri]]] contains $::bad_uris] } {
    #log local0. "HTTP Uri is bad, discarding..."
  } elseif { not [matchclass [string toupper [HTTP::method]] equals $::valid_methods] } {
    #log local0. "HTTP Method not found in valid_methods list, rejecting..."
  } else {
    #log local0. "HTTP method found in valid_method list
Published Mar 18, 2015
Version 1.0

Was this article helpful?

No CommentsBe the first to comment