JD_Tomzak
Sep 15, 2022
Solved

iRule advice?

Hello, I'm seeking advice on using an iRule to drop a connection when a certain condition is met in the URI. fid= followed by non-numeric characters. fid=1234 would pass. fid=13d4 would drop. Thanks...
  • Kevin_Stewart
    Sep 15, 2022
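    when HTTP_REQUEST {
        ## Only inspect requests whose query string mentions "fld" (case-insensitive substring match)
        if { [string tolower [HTTP::query]] contains "fld" } {
            ## Reject when the value of the fld parameter contains a non-digit character
            if { ![string is digit [URI::query [HTTP::uri] "fld"]] } {
                log local0. "invalid fld value, rejecting from [IP::client_addr]"
                reject
            }
        }
    }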
  • Kevin_Stewart
    Sep 19, 2022

    The following accounts for a POST request where the payload is URL encoded or XML:

    when HTTP_REQUEST { 
        if { [HTTP::method] eq "POST" } { 
            ## Trigger collection for up to 1MB of data 
            if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576 }{ 
                set content_length [HTTP::header "Content-Length"] 
            } else { 
                set content_length 1048576 
            } 
            ## Check if $content_length is not set to 0 
            if { $content_length > 0 } { 
                HTTP::collect $content_length 
            } 
        } 
    } 
    when HTTP_REQUEST_DATA {
        set fld ""
        if { [HTTP::payload] contains "fld=" } {
            ## URL-encoded body: walk the name=value pairs and pick out fld
            foreach x [split [HTTP::payload] "&"] {
                if { $x starts_with "fld=" } {
                    set fld [lindex [split $x "="] 1]
                    continue
                }
            }
        } elseif { [HTTP::payload] contains "<fld>" } {
            ## XML body: take the text between <fld> and </fld>
            set fld [findstr [HTTP::payload] "<fld>" 5 "</fld>"]
        }
        ## Validate only when a non-empty fld value was found
        if { $fld ne "" } {
            if { ![string is digit $fld] } {
                log local0. "invalid fld value, rejecting from [IP::client_addr]"
                HTTP::respond 400 content "Bad Request" "Content-Type" "text/html" "Connection" "close"
            }
        }
    }
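
The digit check used in the rules above, worked through as an added example that is not code from the thread: in Tcl, `string is digit` returns true for an empty string unless `-strict` is given, and a `contains "fld"` test matches that substring anywhere in the query. The helper name `check_param` is hypothetical and the sample query strings are constructed; the script is plain Tcl for `tclsh`, kept to the Tcl 8.4 subset that iRules use.

```tcl
# Added example, not from the thread. check_param is a hypothetical helper.
# Names and values are compared exactly as sent (no percent-decoding), so an
# encoded value such as "%31" is reported as invalid rather than passed.
#
# Returns:
#   absent   - no parameter with exactly this name
#   ok       - every occurrence is one or more ASCII digits
#   invalid  - at least one occurrence is empty or non-numeric
proc check_param {query name} {
    set result absent
    foreach pair [split $query "&"] {
        # Split on the first "=" only, so "fld=1=2" keeps "1=2" as the value.
        set eq [string first "=" $pair]
        if { $eq < 0 } {
            set key $pair
            set val ""
        } else {
            set key [string range $pair 0 [expr {$eq - 1}]]
            set val [string range $pair [expr {$eq + 1}] end]
        }
        # Exact name match: "myfld=..." or a value containing "fld" is ignored.
        if { $key ne $name } { continue }
        # ASCII digits only, at least one. This rejects the empty string
        # (which plain [string is digit] accepts) and non-ASCII digits.
        if { ![regexp {\A[0-9]+\Z} $val] } {
            return invalid
        }
        set result ok
    }
    return $result
}

# Constructed sample query strings, including a repeated parameter.
foreach q {
    "fld=1234"
    "fld=13d4"
    "fld="
    "a=1&fld=12&fld=x9"
    "myfld=abc"
    "note=fld"
} {
    puts [format "%-20s -> %s" $q [check_param $q fld]]
}
# The empty-string behaviour of the built-in test, with and without -strict.
puts "string is digit \"\"         = [string is digit {}]"
puts "string is digit -strict \"\" = [string is digit -strict {}]"
```

Inside an iRule the same checks would be applied to `[HTTP::query]`; whether an empty value should pass or be rejected is a policy choice the thread does not settle.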