Forum Discussion
Stanislas_Piro2
Jun 28, 2018Cumulonimbus
Hi,
you can try this code:
when HTTP_REQUEST {
if { [string match {*[<>]*} [HTTP::uri]} {
log local0. "Detected illegal URL characters from [IP::client_addr]"
log local0. "[HTTP::request]"
TCP::close
drop
}
}
If the URI is encoded, you have to convert it before check
when HTTP_REQUEST {
set uri [URI::decode [HTTP::uri]]
if { [string match {*[<>]*} $uri} {
log local0. "Detected illegal URL characters from [IP::client_addr]"
log local0. "[HTTP::request]"
TCP::close
drop
}
}