Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

Regex issue

Go to solution
Darius44
Altocumulus
Altocumulus

‎10-Nov-2023 02:40

Hello,

I am stuck on trying to find out how to match some parameters in a WAF request using regex wildcard

The parameters that I want to match are int the form of amp;arg20=something where the arg20 can be anything.

The repetitive part that I want to match with the regex is amp; and I want to match multiple times because it appears multiple times in the query string

This is the request 

GET /human.aspx?r=2900376326&arg20=dssdds&arg21=aaa HTTP/1.1

 I want to match the 2 parameters amp;arg20 and amp;arg21 with a wildcard which appears as invalid parameters

Parameter LocationQuery String
Parameter Nameamp;arg20
Parameter Valuedssdds
Applied Blocking SettingsBlock Alarm Learn
Parameter LocationQuery String
Parameter Nameamp;arg21
Parameter Valueaaa
Applied Blocking SettingsBlock Alarm Learn

 

I tried to create multiple wildcard parameters like: amp.* or amp.+?(?==) but the parameters never match and I get the illegal parameter violation

How can this be achieved?

Labels:
Preview file
39 KB
1 ACCEPTED SOLUTION

Go to solution
Darius44
Altocumulus
Altocumulus

‎10-Nov-2023 04:01

I somehow got it to work with this solution (not sure why it wasn't working before)

amp;[a-zA-Z0-9]*

View solution in original post

0 Kudos
8 REPLIES 8

Go to solution
Darius44
Altocumulus
Altocumulus

‎10-Nov-2023 02:41

I attahced the wildcard parameter entry that I have created

Preview file
43 KB
0 Kudos

Go to solution
Niels_van_Sluis
MVP
MVP

‎10-Nov-2023 02:59

You can try this:

amp;arg2[01]

This site can help you test your regular expressions:

regex101: build, test, and debug regex

 

0 Kudos

Go to solution
Darius44
Altocumulus
Altocumulus
In response to Niels_van_Sluis

‎10-Nov-2023 03:05

Hello,

 

Thank you for your answer.

I tried it and it still doesn't work.

Anyway there is the posibility that the parameters in the request will be amp;Arg02 or amp;arg100 or even amp;Opt10

The regex in my opinnion should match any parameter that starts with this string amp; and then anything else untill the = sign

I also tried it on the regex website and even on the f5 regex tester and the regex appears to be ok but when I try to use it in the policy it fails

0 Kudos

Go to solution
Niels_van_Sluis
MVP
MVP
In response to Darius44

‎10-Nov-2023 03:11

This?

amp;[a-zA-Z0-9]+=
0 Kudos

Go to solution
Darius44
Altocumulus
Altocumulus
In response to Niels_van_Sluis

‎10-Nov-2023 03:16

Same

Just to be sure that I am doing it correctly I attached the parameter creation page and the error that I get

Preview file
38 KB
0 Kudos

Go to solution
Darius44
Altocumulus
Altocumulus
In response to Darius44

‎10-Nov-2023 03:17

 
Preview file
48 KB
0 Kudos

Go to solution
Darius44
Altocumulus
Altocumulus

‎10-Nov-2023 04:01

I somehow got it to work with this solution (not sure why it wasn't working before)

amp;[a-zA-Z0-9]*

0 Kudos

Go to solution
Niels_van_Sluis
MVP
MVP
In response to Darius44

‎10-Nov-2023 04:10

Nice!

0 Kudos
Copyright © 2023 Khoros, LLC