

Wildcard parameter issue

Hi everyone,

I'm facing an issue with a wildcard parameter. I reviewed many blocked requests that match the attack signature "SQL-INJ "end-quote UNION" (Parameter)".

parameter names: ctl00_body_xxxxx

ctl00_body_yyyy

ctl00_body_zzzz

etc....

I created a wildcard parameter ---> [ctl00_body], disabled the mentioned attack signature on this wildcard parameter, and applied the policy,

but the requests still hit the * wildcard and our customers are still getting blocked. Does anyone know why?


Thank you


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

The wildcard parameter name must be:

ctl00_body_*
0
Comments on this Answer
Comment made 1 month ago by Mohanad 172

Thanks Stan,

Why is [] not working? Does BIG-IP not support these special chars?

[ ] Matches characters within the brackets.

i.e. b[ae]ll finds ball and bell, but not bill.

0
Comment made 1 month ago by Stanislas Piron 10121

You’re right, but the wildcard parameter must match all characters...

[ctl00_body] will match only a single-character parameter contained between the brackets

0
Comment made 1 month ago by Mohanad 172

"But the wildcard parameter must match all characters..." Is this logic related to BIG-IP?

0
Comment made 1 month ago by Stanislas Piron 10121

[ctl00_body] means only those parameters are included:

  • c
  • t
  • l
  • 0
  • 0 (why another 0???)
  • _
  • b
  • o
  • d
  • y

So fixed content must be outside the brackets:

ctl00_body_

Then you must define what is variable:

If you want to match anything starting with ctl00_body_:

ctl00_body_*

If you want to match a parameter starting with ctl00_body_ and with 2 digits at the end:

ctl00_body_[0-9][0-9]

If you want to match a parameter starting with ctl00_body_ and with 4 alpha decimal characters at the end:

ctl00_body_[0-9a-zA-Z][0-9a-zA-Z][0-9a-zA-Z][0-9a-zA-Z]

...

0
Comment made 1 month ago by Mohanad 172

Thank you Stanislas very much for your clarification, this is so helpful.

I thought [xx_yy] means match any parameter starting with xx_yy; I didn't know it will match only 1 char. I was confused because I faced the same issue with another VS and I solved it using [ ].

0
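
The matching behaviour discussed in this thread, as an added example that is not part of the original posts and is not F5 code. It uses Python's `fnmatch` as a stand-in for the glob rules quoted in the comments; the parameter names are constructed, and trying the specific entries before the catch-all `*` is an assumption. It shows which entry a parameter name resolves to, and checks a pattern before the signature is disabled on it, so the exception neither misses the intended parameters nor covers more than intended.

```python
from fnmatch import fnmatchcase

# Constructed sample names, modelled on the ctl00_body_... names in the question.
SAMPLE_NAMES = ["ctl00_body_txtUser", "ctl00_body_42", "ctl00_body_ab12", "c", "_"]


def resolve(name, entries):
    """Return the first specific wildcard entry matching `name`, else '*'.

    Assumption: specific entries are evaluated before the catch-all '*'.
    A name that resolves to '*' keeps every signature enabled there.
    """
    for pattern in entries:
        if pattern != "*" and fnmatchcase(name, pattern):
            return pattern
    return "*"


def audit(pattern, must_match, must_not_match=()):
    """Pre-deployment check for a wildcard entry.

    Returns (missed, extra): names the pattern should cover but does not,
    and names it covers although the exception should not apply to them.
    """
    missed = [n for n in must_match if not fnmatchcase(n, pattern)]
    extra = [n for n in must_not_match if fnmatchcase(n, pattern)]
    return missed, extra


if __name__ == "__main__":
    candidates = [
        "[ctl00_body]",            # bracket set: exactly one character
        "ctl00_body_*",            # fixed prefix, anything after it
        "ctl00_body_[0-9][0-9]",   # fixed prefix plus two digits
    ]
    for pattern in candidates:
        print(pattern)
        for name in SAMPLE_NAMES:
            print(f"  {name:20} -> {resolve(name, [pattern, '*'])}")
```
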