Forum Discussion
hooleylist
Dec 16, 2008 Cirrostratus
If you add the datagroup items in lower case, you can set the request to lower case before using matchclass to test the URI. Also, it would be more efficient to use HTTP::path versus HTTP::uri assuming you're not looking for the query string in the URI.
when HTTP_REQUEST {
    if {[matchclass [string tolower [HTTP::path]]...
If you're doing this for security, you might want to consider the different ways malicious users could try to obfuscate the path. The simplest way to bypass your logic might be to prepend an extra forward slash. I think most versions of IIS will accept this. For example, this request to MS's main page works: http://www.microsoft.com//////////en/us/default.aspx. There are quite a few different encoding methods that would also be parsed as valid requests by the web server.
Hopefully you're performing authentication/authorization on the application as well.
Aaron
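
One way to normalize the path before the data group lookup, so that the repeated-slash and encoding variants described in the post above compare equal to the stored entries. This is an added example, not code from the post or from F5. It assumes a hypothetical string data group named restricted_paths_class with lower-case entries, assumes the back-end server treats backslashes as path separators, and uses a 403 response as a placeholder action.

```tcl
# Added example, not code from the post above.
# Assumption: restricted_paths_class is a hypothetical string data group whose
# entries are lower case with one leading slash (for example "/admin").
when HTTP_REQUEST {
    # Match on the path only; the query string is not part of the decision.
    set path [HTTP::path]

    # Percent-decode until the value stops changing, so a double-encoded
    # separator (%252f -> %2f -> /) is unwrapped before matching.
    set stable 0
    for {set i 0} {$i < 5} {incr i} {
        set decoded [URI::decode $path]
        if {$decoded eq $path} {
            set stable 1
            break
        }
        set path $decoded
    }

    # Still changing after five rounds: refuse the request instead of guessing.
    if {!$stable} {
        HTTP::respond 400 content "Bad Request"
        return
    }

    # Treat backslashes as separators (assumption about the back-end server),
    # then collapse runs of slashes so "//////en/us" becomes "/en/us".
    set path [string map [list "\\" "/"] $path]
    regsub -all {/+} $path "/" path

    # Reject "." and ".." segments rather than trying to resolve them here.
    if {[regexp {(^|/)\.\.?(/|$)} $path]} {
        HTTP::respond 400 content "Bad Request"
        return
    }

    # Compare the lower-cased, normalized path against the data group.
    if {[matchclass [string tolower $path] starts_with $::restricted_paths_class]} {
        HTTP::respond 403 content "Forbidden"
    }
}
```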