cancel
Showing results for 
Search instead for 
Did you mean: 

Http requests with the question mark symbol "?" in the URL are not being blocked although disallowed in the URL character list

Wasfi_Bounni
Cirrostratus
Cirrostratus

Hi;

 

Http requests with the question mark symbol "?" in the URL are not being blocked although "?" isdisallowed in the URL character list.

 

for example http://www.xyx.com/?/file.extension

 

Kindly

Wasfi

1 ACCEPTED SOLUTION

You would either do that in an irule (on HTTP_REQUEST)

 

Or look at the

Security  ››  Application Security : Parameters : Parameters List  ››  Parameter Properties

for the * (wildcard) parameter

 

In the Name Meta Characters tab, select

Check characters on this parameter name

 

/ is already disallowed in the metacharacters

View solution in original post

3 REPLIES 3

Simon_Blakely
F5 Employee
F5 Employee

That question-mark isn't part of the URL - it is the Query Separator.

 

The URL is /

The Query String is /file.extension

 

Query string

Wasfi_Bounni
Cirrostratus
Cirrostratus

Thank you Simon. My aim is to block a URL that have the quetion mark in the manner asked. i.e. followed by any / character. However, if the question mark comes after the final / in the URL path, then I want it to be allowed: For example: http://www.xyz.com/abc/klm/file.php?

 

As I said, the question mark symbol is disallowed in the ASM policy under the URL character set section.

 

Kindly

Wasfi

You would either do that in an irule (on HTTP_REQUEST)

 

Or look at the

Security  ››  Application Security : Parameters : Parameters List  ››  Parameter Properties

for the * (wildcard) parameter

 

In the Name Meta Characters tab, select

Check characters on this parameter name

 

/ is already disallowed in the metacharacters