on 18-Mar-2015 13:08
Problem this snippet solves:
This iRule tries to detect all Path Traversal attempts against web sites in query string parameters. The regexp is probably not perfect, so please correct if necessary!
Code :
when HTTP_REQUEST { if { [HTTP::query] matches_regex {^.*=(\.\.|/)[[A-Za-z0-9./]*]*.*$} } { #log local0. "Triggered by IP [IP::client_addr] with URI [HTTP::uri]" reject } }