Have some code. Share some code.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Problem this snippet solves:

This (untested) iRule should block some SQL attack attempts in the query string. It's not a substitute for ASM as no checking of post data parameters is done, but it does demonstrate the power of iRules!

It's my first CodeShare effort so my apologies if it is not to the usual standard!

How to use this snippet:

Uses the FullyDecodeUri example and a switch statement.


Note that the unbounded while loop in this iRule may be dangerous. Due to a flaw in URI::decode (ID 337562), it is possible that for some URI's, $uri will never equal $tmpUri, and the loop will continue forever. The variables will keep growing in length, leading to a TMM core. Capping the amount of possible iterations of the while loop is a wise idea.

Code :


   # set URI to lower case
   set tmpUri [string tolower [HTTP::uri]]

   # URI decode the URI
   set uri [URI::decode $tmpUri]

   # repeat decoding until the decoded version equals the previous value.
   while { $uri ne $tmpUri } {
      set tmpUri $uri
      set uri [URI::decode $tmpUri]

   switch -glob [string tolower [HTTP::uri]] {
      "*<*" -
      "*>*" -
      "*select *" -
      "*insert *" -
      "*update *" -
      "*delete *" -
      "*create *" -
      "*drop *" -
      "*.\[tempdb\].*" -
      "*.\[master\].*" -
      "*.\[model\].*" -
      "*.\[msdb\]." -
      "*.\[dbo\].*" -
      "*tempdb.*" -
      "*master.*" -
      "*model.*" -
      "*msDB.*" -
      "*.dbo.*" -
      "*script*" -
      "*\r\n*" -
      "*%*" {
         # Send a TCP reset
      default {
         # Do nothing here to use the VIP's default pool
Version history
Last update:
‎18-Mar-2015 12:07
Updated by: