cancel
Showing results for 
Search instead for 
Did you mean: 

[HTTP::uri] contains "*"

JoseP1
Nimbostratus
Nimbostratus

 A vulnerability has been detected in the application, and if someone puts the character "*" in the url, it goes where it doesn't have to.

we thought about doing a simple redirect, but it doesn't work.

when HTTP_REQUEST {

 

if { [HTTP::uri] equals "/" || [HTTP::uri] equals "/example1" || [HTTP::uri] contains "*" }

{

   HTTP::redirect "https://[HTTP::host]/blabla/"

}

 

}

the original irule did not have [HTTP :: uri] contains "*". has been put it and failed.

any ideas please?

 

thanks in advance

 

2 REPLIES 2

xuwen
Cirrus
Cirrus

use this code:

when HTTP_REQUEST {

switch -glob [HTTP::uri] {

{*[*]*} -

"/" -

"/example1" {

HTTP::redirect "https://[HTTP::host]/blabla"

}

}

}

 

JoseP1
Nimbostratus
Nimbostratus

great¡¡thank you very much¡¡

. I try it and tell you.