jcline
Aug 25, 2015

I need an iRule that will search a uri or query string for <script> and allow me to send a custom response.

I have ASM and it works for all traffic but our external PCI scanner, which is whitelisted. The scanner is getting a 200 response on a custom errors page but accepts it as proof that we are vulnerable to CSS.

 

The Rule below causes the site to go to an unavailable page. If I drop the < > tags it finds script but will also hit on description and many other legitimate requests.

 

Is there a way to include the tags or use a wildcard in the search string so it will search for script * script?

 

Thanks

 

when HTTP_REQUEST { if { [HTTP::uri] contains "

 

3 Replies

  • nathe

    Jcline, could you use backslash substitution to escape the characters e.g.

     

    BTW, re the workings of ASM, if you've whitelisted the scanner IP then is the custom error from the back end servers?

     

    N
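One way to write the check asked about in this thread, as an added example that is not code from any of the posters: the iRule below decodes and lower-cases the URI before matching, so a percent-encoded `%3CScRiPt%3E` is caught as well as a literal `<script>`, and it keys on the opening `<` so that words such as "description" do not match. The 403 status, the response body and the log message are assumptions to replace with your own.

```tcl
when HTTP_REQUEST {
    # HTTP::uri returns the path plus the query string, so one check covers both.
    # Decode percent-encoding once and lower-case the result before matching.
    set decoded [string tolower [URI::decode [HTTP::uri]]]

    # Glob match: "*" is the wildcard, "<" is a literal character.
    # Requiring the leading "<" avoids hits on ordinary words containing "script".
    if { [string match "*<script*" $decoded] } {
        # Record the hit so scanner traffic can be told apart from real requests.
        log local0. "Rejected request containing a script tag from [IP::client_addr]"

        # Assumed custom response: a non-200 status with a short HTML body.
        HTTP::respond 403 content "<html><body>Request rejected.</body></html>" "Content-Type" "text/html"
        return
    }
}
```

Because the response is generated on the BIG-IP, the request never reaches the back-end error page that was returning 200.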