Forum Discussion

Nimbostratus

Mar 25, 2016

Solved

Alert or Block GET requests with data

We have a webpage with a username field, we'd like to prevent malicious actions by ensuring a GET with data cannot be accomplished. I would be happy with an iRule that looked to see if there was data...

ASM Advanced WAF

iRules

security

Tzoori_Tamam_95
Mar 28, 2016
I may have misunderstood the question, but if you enable an ASM policy, it is one of the basic check it enforces, under HTTP Protocol Compliance ("Body in GET of HEAD requests") - you need to make sure it is checked in the Policy Blocking Settings configuration page, and that your policy is set to Blocking.

Vernon_97235

Historic F5 Account

Mar 26, 2016

To drop:

when HTTP_REQUEST {
    if { [HTTP::method] eq "GET" } {
        HTTP::collect 10
    }
}

when HTTP_REQUEST_DATA {
    HTTP::release
    reject
}

John_Alam_45640
Historic F5 Account
Mar 26, 2016
You may also want to set the HTTP profile to UNCHUNK the requests. And look for the presence of the Content-Length header.

Forum Discussion

Alert or Block GET requests with data

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Certificate Expiry Email alert configuration

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

ASM blocked request contains & (ampersand) symbol in parameter value

ASM L7 DoS email alert

Block requests by reverse DNS record