02-Nov-2017 03:08
Hello
I need to block a URI /example.ashx?f=WXR&auser=1134
I created a custom violation called VIOLATION_FORBIDDEN, created the iRule below, and applied it on the VS. But it is not working, and in the security event logs I am able to see this URI as a legal request. When I write /example.ashx?f in the iRule it stops it, but other functions of the application are stopped too, so this is not a solution.
Any idea?
when HTTP_REQUEST {
    set reqBlock 0
    if {([string tolower [HTTP::uri]] contains "/example.ashx?fn=WXR&auser=1134")} {
        set reqBlock 1
    }
}
when ASM_REQUEST_DONE {
    if { $reqBlock == 1} {
        ASM::raise VIOLATION_FORBIDDEN
    }
}
02-Nov-2017 03:18 - last edited on 05-Jun-2023 11:09 by JimmyPackets
You are using string tolower but comparing it against a string that has upper case characters.
Try changing to this:
if {([string tolower [HTTP::uri]] contains "/example.ashx?fn=wxr&auser=1134")} {
26-Apr-2018 16:38
This is great and something I think I can use; however, I need help adding logic to allow the URI above if the client IP is in a private range. For example, 10.x.x.x/8: allow internal users to the URI; if not in range, raise violation forbidden? Any suggestions?
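
One way to combine the lowercase fix with the internal-range exemption asked about in the last post, as an added example that is not from any participant in this thread. It assumes the custom violation VIOLATION_FORBIDDEN already exists in the ASM policy, takes the path and the parameter names fn and auser from the iRule posted above, and matches the parameters by name instead of using contains on the whole URI.

```tcl
# Added example, not from the thread.
when HTTP_REQUEST {
    # Reset on every request: variables persist across requests
    # on a keep-alive connection.
    set reqBlock 0

    # Normalize once (percent-decode, then lowercase), so every literal
    # compared below must be written in lowercase.
    set path  [string tolower [URI::decode [HTTP::path]]]
    set query [string tolower [URI::decode [HTTP::query]]]

    # Exact path match, so other handlers whose names merely start with
    # the same prefix are not affected.
    if { $path eq "/example.ashx" } {
        # Look parameters up by name so their order, or extra parameters,
        # does not change the result.
        set fn    [URI::query "?$query" fn]
        set auser [URI::query "?$query" auser]

        if { $fn eq "wxr" && $auser eq "1134" } {
            # Clients in 10.0.0.0/8 are allowed; everyone else is flagged.
            # IP::client_addr is the TCP peer address seen by this virtual server.
            if { ![IP::addr [IP::client_addr] equals 10.0.0.0/8] } {
                set reqBlock 1
            }
        }
    }
}

when ASM_REQUEST_DONE {
    # Raise the custom violation only for requests flagged above.
    if { $reqBlock == 1 } {
        ASM::raise VIOLATION_FORBIDDEN
    }
}
```

If the virtual server sits behind a proxy or SNAT device, every client arrives with that device's address, so the 10.0.0.0/8 test no longer distinguishes internal users from external ones.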