URI Keyword And HTTP Method Filtering

Problem this snippet solves:

Summary: iRule Used to filter requests that contain keywords and reject any HTTP Methods not listed

iRule to filter requests that have keywords in the uri. The URI is converted to lowercase and then decoded to prevent encoding tricks to circumvent the filter. It will also reject requests that use a HTTP Method other then the ones listed in the valid_methods class

Code :

# Data Classes

bigpipe class bad_uris { \"cmd.exe\" \"root.exe\" \"admin.dll\" }
bigpipe class valid_methods { \"GET\" \"POST\" }

# iRule Code

when HTTP_REQUEST {
  #log local0. "HTTP Method: [HTTP::method]"
  #log local0. "HTTP Uri: [HTTP::uri]"
  if { [matchclass [URI::decode [string tolower [HTTP::uri]]] contains $::bad_uris] } {
    #log local0. "HTTP Uri is bad, discarding..."
    discard
  } elseif { not [matchclass [string toupper [HTTP::method]] equals $::valid_methods] } {
    #log local0. "HTTP Method not found in valid_methods list, rejecting..."
    reject
  } else {
    #log local0. "HTTP method found in valid_method list
  }
}
Published Mar 18, 2015
Version 1.0
application delivery
devops
iRules
security
No CommentsBe the first to comment