Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

[HTTP::uri] contains "*"

JoseP1
Nimbostratus
Nimbostratus

‎18-Nov-2021 23:14

 A vulnerability has been detected in the application, and if someone puts the character "*" in the url, it goes where it doesn't have to.

we thought about doing a simple redirect, but it doesn't work.

when HTTP_REQUEST {

 

if { [HTTP::uri] equals "/" || [HTTP::uri] equals "/example1" || [HTTP::uri] contains "*" }

{

   HTTP::redirect "https://[HTTP::host]/blabla/"

}

 

}

the original irule did not have [HTTP :: uri] contains "*". has been put it and failed.

any ideas please?

 

thanks in advance

 

Labels:
0 Kudos
2 REPLIES 2

xuwen
MVP
MVP

‎19-Nov-2021 00:53

use this code:

when HTTP_REQUEST {

switch -glob [HTTP::uri] {

{*[*]*} -

"/" -

"/example1" {

HTTP::redirect "https://[HTTP::host]/blabla"

}

}

}

 

0 Kudos

JoseP1
Nimbostratus
Nimbostratus

‎19-Nov-2021 00:55

great¡¡thank you very much¡¡

. I try it and tell you.

0 Kudos
Copyright © 2023 Khoros, LLC