JoseP1
Nov 19, 2021Nimbostratus
[HTTP::uri] contains "*"
A vulnerability has been detected in the application, and if someone puts the character "*" in the url, it goes where it doesn't have to.
we thought about doing a simple redirect, but it doesn't work.
when HTTP_REQUEST {
if { [HTTP::uri] equals "/" || [HTTP::uri] equals "/example1" || [HTTP::uri] contains "*" }
{
HTTP::redirect "https://[HTTP::host]/blabla/"
}
}
the original irule did not have [HTTP :: uri] contains "*". has been put it and failed.
any ideas please?
thanks in advance